Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/) > Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/) > Live Security Platinum - Malwarebytes reports deletion of 3 infected files, but they are back (https://www.trojaner-board.de/116887-live-security-platinum-malwarebytes-meldet-loeschung-3-infizierten-dateien.html)

Magnetiseur 08.06.2012 22:09

Live Security Platinum - Malwarebytes reports deletion of 3 infected files, but they are back
 
Hello,

I'm asking for your help. Around noon today a program called "Live Security Platinum" suddenly appeared on my girlfriend's PC. After a chaotic Google search (unfortunately I have very little PC expertise) I came across this forum. I then downloaded Malwarebytes Anti-Malware (or rather updated it, since it was already on the machine). I ran the full scan several times; each time it reports afterwards that the files were successfully deleted, but after the reboot they show up again on the next scan :(

Avira AntiVir is also on the machine; I've clicked "Remove" there several times as well - without success...

The Malwarebytes report:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

08.06.2012 21:16:14
mbam-log-2012-06-08 (21-16-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341960
Laufzeit: 1 Stunde(n), 11 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I hope I have done this correctly with creating the thread and followed the forum rules, and I'm hoping for a reply...

Magnetiseur

Addendum: I also ran one of those OTL scans - here is the report:
OTL Logfile:
Code:

OTL logfile created on: 6/8/2012 11:20:02 PM - Run 2
OTL by OldTimer - Version 3.2.47.0    Folder = C:\Users\Sarah\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 46.01% Memory free
5.86 Gb Paging File | 4.14 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 87.26 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 133.38 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\madagaskar\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\ScanWizard 5\SFRes.dll ()
MOD - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
MOD - C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (agec7qc3) --  File not found
DRV - (lech) -- C:\Windows\System32\drivers\pfij.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 21:24:59 | 000,000,000 | ---D | M]
 
[2009/11/14 15:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012/05/02 22:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\x6grzyfh.default\extensions
[2011/05/23 00:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
[2012/05/06 15:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/09/15 23:59:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/19 16:40:21 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/03/28 14:52:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/06 15:49:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/19 23:22:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/15 20:36:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/15 20:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 20:36:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/15 20:36:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/15 20:36:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/15 20:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/08 21:14:49 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/08 19:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 12:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\madagaskar
[2012/06/08 12:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/08 12:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\madagaskar
[2012/06/08 12:34:18 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/06/08 11:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1
[2012/06/03 15:34:59 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/08 23:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/08 23:00:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 22:36:52 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\pfij.sys
[2012/06/08 21:32:41 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 21:32:41 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 21:14:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/08 21:14:08 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 21:13:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/08 21:13:49 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 12:37:43 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 15:34:59 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/06/03 15:34:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/05/10 13:10:34 | 000,438,648 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/06/08 22:39:51 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@
[2012/06/08 22:39:51 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@
[2012/06/08 22:39:50 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@
[2012/06/08 22:36:52 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\pfij.sys
[2012/06/08 12:37:43 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 15:34:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/01/11 20:28:40 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
[2011/02/11 14:44:11 | 000,293,712 | ---- | C] () -- C:\windows\System32\Tbsql03.dll
[2011/02/11 14:44:11 | 000,246,368 | ---- | C] () -- C:\windows\System32\Tbqry03.dll
[2011/02/11 14:44:11 | 000,145,696 | ---- | C] () -- C:\windows\System32\Tblib.dll
[2011/02/11 14:44:11 | 000,090,688 | ---- | C] () -- C:\windows\System32\Tbutl03.dll
[2011/02/11 14:44:11 | 000,014,512 | ---- | C] () -- C:\windows\System32\Tbgui03.dll
[2011/02/11 14:44:11 | 000,005,488 | ---- | C] () -- C:\windows\System32\Tbmds03.dll
[2010/10/27 20:36:47 | 000,090,112 | ---- | C] () -- C:\windows\System32\nccad432.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2012/03/26 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe Limited
[2010/04/19 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2010/10/27 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 13:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 13:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2010/06/19 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2012/05/03 10:22:20 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >
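Added example for this thread (not code from Magnetiseur's post, from Malwarebytes or from OldTimer): it cross-checks the MBAM log against the OTL report above to show, from timestamps alone, that the three `.@` files MBAM reported as removed were created again after the scan had finished, and it lists the driver entries OTL shows with no company name or a missing file. It assumes only the line formats visible in the two posted reports; the embedded sample text is excerpted from them.

```python
"""Cross-check a Malwarebytes (MBAM) scan log against an OTL report.

Added example for this thread; it is not a tool from the forum, from
Malwarebytes or from OldTimer. It parses only the line formats visible in
the two reports posted above, and the sample text is excerpted from them.
"""
import re
from datetime import datetime, timedelta

# Excerpt of the MBAM log posted above (German MBAM 1.61 localisation).
MBAM_LOG = r"""
Malwarebytes Anti-Malware (Test) 1.61.0.1400
08.06.2012 21:16:14
Laufzeit: 1 Stunde(n), 11 Minute(n), 18 Sekunde(n)
Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# Excerpt of the OTL log posted above (driver services and "Files Created").
OTL_LOG = r"""
DRV - (agec7qc3) --  File not found
DRV - (lech) -- C:\Windows\System32\drivers\pfij.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
[2012/06/08 22:39:51 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@
[2012/06/08 22:39:51 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@
[2012/06/08 22:39:50 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@
[2012/06/08 22:36:52 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\pfij.sys
[2012/01/11 20:28:40 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
[2012/06/08 19:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
"""

# Line formats as they appear in the posted reports.
MBAM_START = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})$", re.M)
MBAM_RUNTIME = re.compile(
    r"^Laufzeit: (\d+) Stunde\(n\), (\d+) Minute\(n\), (\d+) Sekunde\(n\)$", re.M)
MBAM_DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$", re.M)
OTL_CREATED = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| C\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$", re.M)
OTL_DRIVER = re.compile(r"^DRV - \((?P<svc>[^)]+)\) --\s+(?P<rest>.+)$", re.M)


def parse_mbam(text):
    """Return (scan_end, detections). MBAM removes files only after the scan
    has finished, so scan start + Laufzeit is the earliest possible removal
    time; anything created after that point was created post-removal."""
    start = MBAM_START.search(text)
    run = MBAM_RUNTIME.search(text)
    scan_end = None
    if start and run:
        h, m, s = (int(x) for x in run.groups())
        scan_end = (datetime.strptime(start.group(1), "%d.%m.%Y %H:%M:%S")
                    + timedelta(hours=h, minutes=m, seconds=s))
    detections = [{"path": d["path"].strip().lower(), "threat": d["threat"],
                   "action": d["action"]} for d in MBAM_DETECTION.finditer(text)]
    return scan_end, detections


def parse_otl_created(text):
    """Map lower-cased path -> creation time for OTL '[... | C]' lines
    (OTL and MBAM differ in path casing, e.g. C:\\windows vs C:\\Windows)."""
    return {m["path"].strip().lower(): datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            for m in OTL_CREATED.finditer(text)}


def find_recreated(mbam_text, otl_text):
    """Detections MBAM reported as removed whose path OTL shows created again
    after the scan finished: the 'deleted, but back after reboot' symptom."""
    scan_end, detections = parse_mbam(mbam_text)
    created = parse_otl_created(otl_text)
    hits = []
    for d in detections:
        ts = created.get(d["path"])
        if scan_end is not None and ts is not None and ts > scan_end:
            hits.append({**d, "recreated_at": ts,
                         "minutes_after_scan": (ts - scan_end).total_seconds() / 60})
    return hits


def suspicious_drivers(otl_text):
    """Driver services OTL lists with an empty company name '()' or a
    missing file, like the randomly named entries in the report above."""
    return [(m["svc"], m["rest"].strip()) for m in OTL_DRIVER.finditer(otl_text)
            if m["rest"].strip().endswith("()") or m["rest"].strip() == "File not found"]


if __name__ == "__main__":
    for h in find_recreated(MBAM_LOG, OTL_LOG):
        print(f"{h['threat']:16} re-created {h['minutes_after_scan']:.1f} min "
              f"after scan end: {h['path']}")
    for svc, rest in suspicious_drivers(OTL_LOG):
        print(f"driver {svc}: {rest}")
```

Files that reappear minutes after a reported removal, next to an unsigned driver created in the same window, point to a persistence component the file-level scanner is not touching, which is why the helpers ask for every log rather than re-running the same scan.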

--- --- ---

cosinus 10.06.2012 18:33

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are also listed in the "Logdateien" (log files) tab. Please post all of the ones visible there.

Magnetiseur 10.06.2012 19:12

Older logs from Malwarebytes and OTL
 
Hello Arne,

OK - I found one older log each from Malwarebytes and OTL...
Many thanks in advance for the help!

Best regards
Magnetiseur

P.S. A friend said that McAfee has a tool (missile or rocket?) that might help me. Given the advice I've read here, I don't want to simply try it out. Do you [is using the informal "du" OK on the forum?] have experience with it or any recommendations?

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

19.03.2012 22:32:35
mbam-log-2012-03-19 (22-32-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349059
Laufzeit: 1 Stunde(n), 16 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:
Code:

OTL logfile created on: 3/19/2012 8:16:06 PM - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Sarah\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 51.34% Memory free
5.86 Gb Paging File | 4.29 Gb Available in Paging File | 73.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 87.55 Gb Free Space | 61.87% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 133.38 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/19 20:15:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012/03/19 19:38:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/01/05 12:44:20 | 001,053,992 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
PRC - [2010/01/05 12:43:46 | 011,154,728 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
PRC - [2010/01/05 12:43:34 | 005,981,480 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
PRC - [2010/01/05 12:43:26 | 001,811,752 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
PRC - [2010/01/05 12:43:24 | 003,372,328 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/26 15:25:24 | 000,356,352 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/01/16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/03/19 19:38:48 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/02 23:23:25 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/12/15 18:57:38 | 000,425,984 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll
MOD - [2009/08/18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/07/22 17:22:20 | 000,249,856 | ---- | M] () -- C:\Program Files\ScanWizard 5\SFRes.dll
MOD - [2009/06/26 15:25:24 | 000,356,352 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe
MOD - [2009/02/27 16:42:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\weblink.DEU
MOD - [2009/02/27 16:42:26 | 000,005,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
MOD - [2009/02/27 16:41:54 | 001,060,864 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.DEU
MOD - [2009/02/27 16:41:50 | 000,008,192 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\reflow.DEU
MOD - [2009/02/27 16:41:26 | 000,011,264 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PDDom.DEU
MOD - [2009/02/27 16:41:06 | 000,090,112 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.DEU
MOD - [2009/02/27 16:40:40 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
MOD - [2009/02/27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009/02/27 16:40:10 | 000,274,432 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU
MOD - [2009/02/27 16:39:46 | 000,999,424 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.DEU
MOD - [2009/02/27 16:39:22 | 000,081,920 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.DEU
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/02/27 07:09:18 | 001,536,000 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll
MOD - [2008/02/19 11:37:32 | 000,561,152 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll
MOD - [2008/02/19 11:36:06 | 006,230,016 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/10/19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a6g2p5io)
DRV - [2012/02/15 13:25:09 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/19 09:44:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/12/15 19:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2009/12/15 19:46:54 | 000,013,440 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2009/12/15 19:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2009/12/07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/10/28 16:35:14 | 000,583,128 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/10/26 14:53:46 | 000,250,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 19:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 20:24:59 | 000,000,000 | ---D | M]
 
[2009/11/14 14:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2011/05/23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\x6grzyfh.default\extensions
[2011/05/22 23:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
[2011/11/16 12:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/09/15 22:59:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/19 15:40:21 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/03/19 19:38:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/15 19:36:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/15 19:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 19:36:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/15 19:36:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/15 19:36:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/15 19:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/18 18:24:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Dine
[2012/03/15 16:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012/03/15 16:01:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terzio
[2012/03/15 16:01:23 | 000,000,000 | ---D | C] -- C:\Terzio
[2012/03/06 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/19 19:55:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 17:05:45 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 17:05:45 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 16:55:37 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 16:55:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/19 16:55:14 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 13:11:46 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/03/18 13:11:46 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/18 13:11:46 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/03/18 13:11:46 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/15 20:57:28 | 000,014,585 | ---- | M] () -- C:\Users\Sarah\Desktop\Kündigung BvB.odt
[2012/03/15 16:02:16 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000079D.LCS
[2012/03/15 16:01:51 | 000,001,627 | ---- | M] () -- C:\Users\Sarah\Desktop\Ritter Rost - Die Eiserne Burg.lnk
[2012/03/15 02:14:07 | 000,438,648 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/08 23:46:18 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/03/06 21:46:13 | 000,001,014 | ---- | M] () -- C:\Users\Sarah\Desktop\Cake Poker 2.0.lnk
 
========== Files Created - No Company Name ==========
 
[2012/03/15 20:57:27 | 000,014,585 | ---- | C] () -- C:\Users\Sarah\Desktop\Kündigung BvB.odt
[2012/03/15 16:02:04 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\0000079D.LCS
[2012/03/15 16:01:51 | 000,001,627 | ---- | C] () -- C:\Users\Sarah\Desktop\Ritter Rost - Die Eiserne Burg.lnk
[2012/03/08 23:46:18 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/02/11 13:44:11 | 000,293,712 | ---- | C] () -- C:\windows\System32\Tbsql03.dll
[2011/02/11 13:44:11 | 000,246,368 | ---- | C] () -- C:\windows\System32\Tbqry03.dll
[2011/02/11 13:44:11 | 000,145,696 | ---- | C] () -- C:\windows\System32\Tblib.dll
[2011/02/11 13:44:11 | 000,090,688 | ---- | C] () -- C:\windows\System32\Tbutl03.dll
[2011/02/11 13:44:11 | 000,014,512 | ---- | C] () -- C:\windows\System32\Tbgui03.dll
[2011/02/11 13:44:11 | 000,005,488 | ---- | C] () -- C:\windows\System32\Tbmds03.dll
[2010/10/27 19:36:47 | 000,090,112 | ---- | C] () -- C:\windows\System32\nccad432.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/05/03 22:04:02 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2010/04/19 10:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 12:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2010/10/27 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 21:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2010/06/19 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2012/01/11 19:19:29 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >

--- --- ---

Oh, I have more logs from 8 June:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

08.06.2012 12:38:32
mbam-log-2012-06-08 (12-38-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339201
Laufzeit: 37 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F4D55F3B00017A63000BC0D3B4EB23C1 (Trojan.LameShield) -> Daten: C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bösartig: (C:\Users\Sarah\AppData\Local\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n.) Gut: (%SystemRoot%\system32\shdocvw.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3EPAKUI\soft3[1].exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9AAI38Y\soft4[1].exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n (Rootkit.0Access) -> Löschen bei Neustart.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

08.06.2012 13:29:02
mbam-log-2012-06-08 (13-29-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342063
Laufzeit: 1 Stunde(n), 6 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

08.06.2012 19:21:49
mbam-log-2012-06-08 (19-21-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342126
Laufzeit: 1 Stunde(n), 17 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
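The point of the scans above is that the same three files under C:\Windows\Installer\{...}\U\ are reported as "Erfolgreich gelöscht" in every run and show up again in the next one. The following parser is an added example, not code from this thread or from Malwarebytes: it reads the German-language MBAM 1.x log format, checks that each section's declared count matches the entries actually listed, and returns the paths that recur across runs. The two embedded logs are constructed, abridged copies of the 12:38 and 13:29 scans posted above.

```python
"""Parse Malwarebytes 1.x (German UI) scan logs and diff detections across runs.
Added example for this thread, not part of it; the sample logs below are
constructed, abridged copies of the 12:38 and 13:29 scans posted above."""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path signature action")

# Section header, e.g. "Infizierte Dateien: 3"
_SECTION_RE = re.compile(r"^Infizierte (?P<name>.+?): (?P<count>\d+)$")
# Detection entry: "<path> (<signature>) -> <action>"
_ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<sig>[^()]+)\) -> (?P<rest>.+)$")

# Constructed, abridged from the 12:38 scan (safe mode) in the thread.
LOG_1238 = r"""
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F4D55F3B00017A63000BC0D3B4EB23C1 (Trojan.LameShield) -> Daten: C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n (Rootkit.0Access) -> Löschen bei Neustart.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# Constructed, abridged from the 13:29 scan (normal mode) in the thread.
LOG_1329 = r"""
Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""


def parse_mbam_log(text):
    """Return {section_name: {"declared": int, "entries": [Detection, ...]}}.

    Registry-value entries carry an intermediate "-> Daten: <file>" part; the
    action is always the text after the last "->", with the trailing dot removed.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(Ende)":
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = {"declared": int(m.group("count")), "entries": []}
            continue
        if current is None or line.startswith("(Keine"):
            continue
        m = _ENTRY_RE.match(line)
        if m:
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            sections[current]["entries"].append(
                Detection(m.group("path"), m.group("sig"), action))
    return sections


def count_mismatches(sections):
    """Names of sections whose declared count differs from the entries parsed;
    a non-empty result means the log was truncated or a line was not parsed."""
    return [name for name, s in sections.items()
            if s["declared"] != len(s["entries"])]


def recurring_paths(logs):
    """Paths detected in two or more of the parsed logs (compared
    case-insensitively): items that were 'quarantined' but keep coming back."""
    first_seen = {}
    counts = Counter()
    for sections in logs:
        paths = {}
        for s in sections.values():
            for d in s["entries"]:
                paths.setdefault(d.path.lower(), d.path)
        for key, original in paths.items():
            counts[key] += 1
            first_seen.setdefault(key, original)
    return sorted(first_seen[k] for k, n in counts.items() if n >= 2)


if __name__ == "__main__":
    runs = [parse_mbam_log(LOG_1238), parse_mbam_log(LOG_1329)]
    for i, r in enumerate(runs):
        print(f"log {i}: mismatched sections: {count_mismatches(r) or 'none'}")
    for p in recurring_paths(runs):
        print("recurs across scans:", p)
```

Reading the recurring list directly against the MBAM action column is what tells you the quarantine did not stick: a path whose action reads "Erfolgreich gelöscht" in one run and that is back in the next is being restored by something the scanner is not reaching, which is exactly why the helper asks for an ESET scan and an OTL log rather than another MBAM pass.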

cosinus 10.06.2012 20:22

Please run ESET as well; after that we'll see how to proceed.

Note: ESET quite often shows a few false positives. That is why with ESET, too, only the log is to be posted first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scan! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like) and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box "Yes, I accept the Terms of Use".
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick the box "Scan archives".
  • Make sure that "Remove found threats" is NOT ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and paste the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: if you are using a 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

Magnetiseur 10.06.2012 23:40

ESET Log
 
Hello Arne,

OK, here is the ESET log, and thanks...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62e5d98496e7b24aa192337d0006b9b8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 08:20:15
# local_time=2012-06-10 10:20:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17819599 17819599 0 0
# compatibility_mode=5893 16776574 66 94 209326 90989337 0 0
# compatibility_mode=8192 67108863 100 0 280 280 0 0
# scanned=15724
# found=0
# cleaned=0
# scan_time=1470
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62e5d98496e7b24aa192337d0006b9b8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 09:55:14
# local_time=2012-06-10 11:55:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17821347 17821347 0 0
# compatibility_mode=5893 16776574 66 94 211074 90991085 0 0
# compatibility_mode=8192 67108863 100 0 2028 2028 0 0
# scanned=148450
# found=2
# cleaned=0
# scan_time=5419
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I

Hello Arne,

one small addendum that seems important, at least to me. I have also noticed that Windows Defender has been stopped and I cannot access it. Nor can I access Windows Firewall (same error code: 0x80070424), but it is still running somehow, or at least it asks whether things are allowed to access the Internet... Avira AntiVir seems to be working...

Best regards
Magnetiseur

cosinus 11.06.2012 11:40

Please create a new OTL log. Please post everything here in CODE tags if at all possible.

This is done like so:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Magnetiseur 11.06.2012 19:46

OTL Log
 
OK, here is the log:

OTL Logfile:
Code:

OTL logfile created on: 6/11/2012 8:28:11 PM - Run 3
OTL by OldTimer - Version 3.2.47.0    Folder = C:\Users\Sarah\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 68.39% Memory free
5.86 Gb Paging File | 4.65 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 86.49 Gb Free Space | 61.13% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 133.38 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
MOD - C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\ScanWizard 5\SFRes.dll ()
MOD - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (amqfou7s) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 13:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 21:24:59 | 000,000,000 | ---D | M]
 
[2009/11/14 15:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012/05/02 22:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\x6grzyfh.default\extensions
[2011/05/23 00:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
[2012/05/06 15:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/09/15 23:59:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/19 16:40:21 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/03/28 14:52:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/09 13:32:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/19 23:22:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/15 20:36:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/15 20:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 20:36:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/15 20:36:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/15 20:36:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/15 20:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/10 21:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/08 19:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 12:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\madagaskar
[2012/06/08 12:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/08 12:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\madagaskar
[2012/06/08 12:34:18 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/06/08 11:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/11 20:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 20:19:44 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 20:19:44 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 20:13:03 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 20:12:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/11 20:12:17 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 02:00:01 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 12:37:43 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2012/06/11 20:25:44 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@
[2012/06/09 13:38:06 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@
[2012/06/08 23:47:46 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@
[2012/06/08 12:37:43 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 15:34:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/01/11 20:28:40 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
[2011/02/11 14:44:11 | 000,293,712 | ---- | C] () -- C:\windows\System32\Tbsql03.dll
[2011/02/11 14:44:11 | 000,246,368 | ---- | C] () -- C:\windows\System32\Tbqry03.dll
[2011/02/11 14:44:11 | 000,145,696 | ---- | C] () -- C:\windows\System32\Tblib.dll
[2011/02/11 14:44:11 | 000,090,688 | ---- | C] () -- C:\windows\System32\Tbutl03.dll
[2011/02/11 14:44:11 | 000,014,512 | ---- | C] () -- C:\windows\System32\Tbgui03.dll
[2011/02/11 14:44:11 | 000,005,488 | ---- | C] () -- C:\windows\System32\Tbmds03.dll
[2010/10/27 20:36:47 | 000,090,112 | ---- | C] () -- C:\windows\System32\nccad432.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2012/03/26 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe Limited
[2010/04/19 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2010/10/27 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 13:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 13:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2010/06/19 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2012/05/03 10:22:20 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/11/15 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Adobe
[2011/11/17 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Avira
[2012/03/26 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe Limited
[2010/01/07 11:06:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Corel
[2010/04/19 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2009/11/15 03:30:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Google
[2009/11/13 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Identities
[2010/10/27 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 03:32:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Macromedia
[2012/03/19 23:31:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2009/09/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Media Center Programs
[2012/03/15 17:01:49 | 000,000,000 | --SD | M] -- C:\Users\Sarah\AppData\Roaming\Microsoft
[2009/11/14 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla
[2009/11/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 13:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 13:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2012/06/06 00:23:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Skype
[2011/09/13 00:08:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\skypePM
[2010/06/19 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2011/10/20 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012/03/15 17:01:49 | 000,021,630 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{9997E665-A18A-11DC-AA67-00E07DDCAF19}\AppName_9997E665A18A11DCAA6700E07DDCAF19.exe
[2012/03/15 17:01:49 | 000,021,630 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{9997E665-A18A-11DC-AA67-00E07DDCAF19}\ARPPRODUCTICON.exe
[2009/05/27 06:08:46 | 000,303,104 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\FileSync.exe
[2009/02/16 04:26:48 | 000,326,144 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\GoTip.exe
[2009/02/16 04:26:48 | 000,326,144 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\GoTip.exe
[2009/05/13 05:50:57 | 000,133,632 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\OutlookSyncM.exe
[2009/05/26 08:38:58 | 000,851,968 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GO!Bridge.exe
[2009/05/27 12:06:48 | 000,290,816 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GO!Net.exe
[2009/05/25 13:01:08 | 000,086,016 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoNetDispatch.exe
[2009/02/16 04:26:48 | 000,326,144 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoTip.exe
[2009/05/20 04:58:22 | 000,298,496 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\LinkEngine.exe
[2009/05/18 11:50:58 | 000,032,256 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\ntrights.exe
[2009/02/16 04:26:48 | 000,018,944 | R--- | M] (Ours Technology Inc.) -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\StopLE.exe
[2009/05/26 07:37:22 | 000,836,608 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\MainExe\GSLoader.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\madagaskar\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/04/19 10:44:41 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >

--- --- ---

[/code]

Thanks
Magnetiseur
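
An OTL log like the one above is long, and most of it is noise; what an analyst actually does is scan it for a handful of patterns. The script below is an added example by the editor, not a tool from the forum post and not part of OTL itself. It parses OTL-formatted lines and applies a few generic triage rules: a driver service whose image file is missing, a per-volume AutoRun handler, a hidden+system directory whose name looks like an environment variable, `.@` files under a `Windows\Installer\{GUID}` folder, a Winlogon Shell/UserInit value that does not resolve to a Microsoft binary, and per-interface static DNS servers that the DHCP server did not hand out. The sample input is constructed to mirror the line formats in the log above; the rule names and the heuristics themselves are the editor's assumptions, and a hit means "look here", not "this is malware".

```python
"""Triage heuristics for an OTL log, run over constructed sample lines.

Added example by the editor; not the forum poster's tool or OTL itself.
The rule names and heuristics are the editor's assumptions.
"""
import re

# Constructed sample that mirrors the OTL line formats seen in the log above.
SAMPLE_LOG = r"""
DRV - (amqfou7s) --  File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
[2012/06/08 12:34:18 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/11 20:25:44 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@
[2012/01/11 20:28:40 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
"""

# "[stamp | size | attrs | C/M] (company) MD5=... -- path"; company and MD5 are optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?\s*--\s*(?P<path>.+?)\s*$"
)
O17_RE = re.compile(r"^O17 - .*:\s*(DhcpNameServer|NameServer)\s*=\s*(.+)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - ")


def triage(log_text):
    """Return a list of (rule, line) findings for the OTL-formatted text."""
    findings = []
    dhcp_dns = set()
    static_dns = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("DRV - ") and line.endswith("File not found"):
            # Driver service whose image is gone: often a leftover, but the
            # service entry itself should be removed.
            findings.append(("driver-missing-file", line))
            continue
        m = O17_RE.match(line)
        if m:
            servers = m.group(2).split()
            if m.group(1) == "DhcpNameServer":
                dhcp_dns.update(servers)
            else:
                static_dns.append((line, servers))
            continue
        if O20_RE.match(line) and not line.endswith("(Microsoft Corporation)"):
            # Shell/UserInit should resolve to a Microsoft binary.
            findings.append(("winlogon-hook-not-microsoft", line))
            continue
        if line.startswith("O33 - ") and "\\Shell\\AutoRun\\command" in line:
            # Per-volume AutoRun handler for a removable drive letter.
            findings.append(("removable-autorun-handler", line))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        attr, path = m.group("attr"), m.group("path")
        base = path.rsplit("\\", 1)[-1]
        if all(c in attr for c in "HSD") and "%" in base:
            # Hidden+system directory whose literal name looks like an env var.
            findings.append(("hidden-system-dir-with-env-style-name", line))
        if "\\windows\\installer\\{" in path.lower() and (base == "@" or base.endswith(".@")):
            # "@" / ".@" files under an Installer GUID folder are not MSI artifacts.
            findings.append(("installer-guid-at-file", line))
    for line, servers in static_dns:
        if not set(servers) <= dhcp_dns:
            # Static per-interface DNS the DHCP server did not hand out;
            # verify against the ISP before treating it as hijacking.
            findings.append(("static-dns-differs-from-dhcp", line))
    return findings


def rule_names(log_text):
    """Ordered rule names only, for quick checks."""
    return [rule for rule, _ in triage(log_text)]


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:40s} {line}")
```

Two of the rules deliberately stop short of a verdict. The static DNS servers on this machine may simply be the provider's; the check only says they differ from what the router's DHCP handed out. Likewise the MD5 section of the log lists a `winlogon.exe` with no company name under `C:\Program Files\madagaskar\Chameleon`; that folder was created in the same second as `mbam.sys`, and Chameleon is a Malwarebytes component that ships under borrowed names, so such a hit is checked against the vendor before it is treated as malicious.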

cosinus 11.06.2012 21:13

Do an OTL fix: close any programs that may be open, also disable your antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
DRV - (amqfou7s) --  File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://ecosia.de/"
[2011/05/23 00:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/06/08 11:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
:Files
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U
C:\Program Files\Winload
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Magnetiseur 12.06.2012 07:00

OK, I did it that way; many thanks for creating the script!

Code:

All processes killed
========== OTL ==========
Error: No service named amqfou7s was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amqfou7s deleted successfully.
File  File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Program Files\Winload\tbWinl.dll moved successfully.
HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://ecosia.de/" removed from browser.startup.homepage
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
File H:\GSLoader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\ not found.
ADS C:\Program Files\Cake Poker 2.0:MID deleted successfully.
========== FILES ==========
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@ moved successfully.
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U folder moved successfully.
C:\Program Files\Winload folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: Sarah
->Temp folder emptied: 623280781 bytes
->Temporary Internet Files folder emptied: 709230681 bytes
->Java cache emptied: 9337454 bytes
->FireFox cache emptied: 100609457 bytes
->Flash cache emptied: 102856 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18155160 bytes
RecycleBin emptied: 3057363527 bytes
 
Total Files Cleaned = 4,309.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: Sarah
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.47.0 log created on 06122012_075340

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards,
Magnetiseur

Hello,

I have another question. One USB stick is almost certainly infected too (it has not been readable for a few days), and the same is possible for two others. I tried to find tips here in the forum on how to proceed, but I am still unsure: can/may I plug them into this PC now, and can I then check them with Antivir (does that work?) (or are there better programs?). And can/may I safely format the unreadable one on this computer? If there is already a thread here in the forum that covers exactly this, I have not found it and would be very grateful for the link.

And of course: how do we proceed with the computer now?

Many thanks and best regards,
Magnetiseur

cosinus 12.06.2012 13:42

Disable AutoPlay

Windows XP: To make it simpler I have uploaded noautoplay.reg. Download it to the desktop, run the file and confirm with Yes. After a restart of the computer, AutoPlay (of media) is disabled on all drives, i.e. no CD, stick or anything else starts automatically after being inserted.

Windows Vista/7: In the Control Panel under AutoPlay for CDs and other media, disable everything. => see also Change AutoPlay settings


Now please (in normal Windows mode) run this Kaspersky tool (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm for the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
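
An added example for triaging a TDSSKiller log of the kind requested here (not code from this thread or from Kaspersky): it folds the scanner's per-object lines into one record each and lists only the objects marked warning or detected, which is what a helper reads before deciding on "skip". The sample lines are constructed in the log's format, mirroring entries of the kind posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the line format TDSSKiller writes (the entries mirror
# lines from the log posted in this thread; the set is deliberately small).
SAMPLE_LOG = r"""
08:44:46.0552 5952        Scan started
08:44:46.0552 5952        Mode: Manual; SigCheck; TDLFS;
08:44:48.0097 5952        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:44:48.0128 5952        ACPI - ok
08:44:53.0853 5952        COMSysApp - ok
08:44:54.0462 5952        CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys
08:44:54.0508 5952        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
08:44:54.0508 5952        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with a timestamp and the scanner's process id.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name>  (<md5>) <path>": the object's hash and on-disk location.
OBJECT_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Verdict lines come in three shapes.
OK_RE = re.compile(r"^(\S+) - ok$")
WARNING_RE = re.compile(r"^(\S+) \( (.+?) \) - warning$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")

# Rank verdicts so a later, more serious line overrides an earlier one.
SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Entry:
    name: str
    md5: str = ""      # stays empty when no hash line was printed (e.g. COMSysApp)
    path: str = ""
    status: str = "unknown"
    notes: List[str] = field(default_factory=list)


def _raise_status(entry: Entry, new_status: str) -> None:
    """Only move the status upward in severity, never downward."""
    if SEVERITY[new_status] > SEVERITY[entry.status]:
        entry.status = new_status


def parse_tdss_log(text: str) -> Dict[str, Entry]:
    """Fold the per-object lines of a TDSSKiller log into one Entry per object."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3).strip()
        if (d := DETECTED_RE.match(body)):
            e = get(d.group(1))
            _raise_status(e, "detected")
            e.notes.append(f"detected {d.group(2)} x{d.group(3)}")
        elif (w := WARNING_RE.match(body)):
            e = get(w.group(1))
            _raise_status(e, "warning")
            e.notes.append(f"warning {w.group(2)}")
        elif (o := OK_RE.match(body)):
            _raise_status(get(o.group(1)), "ok")
        elif (h := OBJECT_RE.match(body)):
            e = get(h.group(1))
            e.md5, e.path = h.group(2).lower(), h.group(3)
        # Header lines ("Scan started", "Mode: ...") name no object and are skipped.
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects to look at before anything is deleted: warnings and detections."""
    return [e for e in entries.values() if e.status in ("warning", "detected")]


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Count objects per verdict, e.g. {"ok": 2, "detected": 1}."""
    counts: Dict[str, int] = {}
    for e in entries.values():
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LOG)
    print(summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.name}: {e.status} {e.md5 or '<no hash>'} {e.path} {e.notes}")
```

An UnsignedFile.Multi.Generic hit only records that the file carries no valid digital signature under SigCheck; it is a prompt to verify that file, not by itself evidence of infection, which is why the instructions above say to skip and post the log.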

Magnetiseur 13.06.2012 07:50

OK, here is the log from TDSS. Before that, one more question about the USB sticks: I have disabled AutoPlay; can I check them now with one of the tools? (I don't want to be a pest, but my girlfriend needs to use one of the sticks fairly urgently and I am afraid of further infections...)

Many thanks for the help,
Magnetiseur

Code:

08:44:14.0541 5208        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:44:14.0791 5208        ============================================================
08:44:14.0791 5208        Current date / time: 2012/06/13 08:44:14.0791
08:44:14.0791 5208        SystemInfo:
08:44:14.0791 5208       
08:44:14.0791 5208        OS Version: 6.1.7601 ServicePack: 1.0
08:44:14.0791 5208        Product type: Workstation
08:44:14.0791 5208        ComputerName: SARAH-PC
08:44:14.0791 5208        UserName: Sarah
08:44:14.0791 5208        Windows directory: C:\windows
08:44:14.0791 5208        System windows directory: C:\windows
08:44:14.0791 5208        Processor architecture: Intel x86
08:44:14.0791 5208        Number of processors: 2
08:44:14.0791 5208        Page size: 0x1000
08:44:14.0791 5208        Boot type: Normal boot
08:44:14.0791 5208        ============================================================
08:44:15.0259 5208        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:44:15.0274 5208        ============================================================
08:44:15.0274 5208        \Device\Harddisk0\DR0:
08:44:15.0274 5208        MBR partitions:
08:44:15.0274 5208        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
08:44:15.0274 5208        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x11AFD000
08:44:15.0274 5208        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1392F800, BlocksNum 0x11AFE800
08:44:15.0274 5208        ============================================================
08:44:15.0305 5208        C: <-> \Device\Harddisk0\DR0\Partition1
08:44:15.0337 5208        D: <-> \Device\Harddisk0\DR0\Partition2
08:44:15.0337 5208        ============================================================
08:44:15.0337 5208        Initialize success
08:44:15.0337 5208        ============================================================
08:44:46.0552 5952        ============================================================
08:44:46.0552 5952        Scan started
08:44:46.0552 5952        Mode: Manual; SigCheck; TDLFS;
08:44:46.0552 5952        ============================================================
08:44:47.0629 5952        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:44:47.0785 5952        1394ohci - ok
08:44:47.0894 5952        acedrv10        (0059ff74927a27395c5e190f9aa392df) C:\windows\system32\drivers\acedrv10.sys
08:44:47.0972 5952        acedrv10 - ok
08:44:48.0019 5952        acehlp10        (6625a32ad17a3fa6c7f405aeac945aa7) C:\windows\system32\drivers\acehlp10.sys
08:44:48.0034 5952        acehlp10 - ok
08:44:48.0097 5952        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:44:48.0128 5952        ACPI - ok
08:44:48.0175 5952        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:44:48.0253 5952        AcpiPmi - ok
08:44:48.0378 5952        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:44:48.0409 5952        AdobeFlashPlayerUpdateSvc - ok
08:44:48.0487 5952        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:44:48.0518 5952        adp94xx - ok
08:44:48.0549 5952        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:44:48.0580 5952        adpahci - ok
08:44:48.0596 5952        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:44:48.0627 5952        adpu320 - ok
08:44:48.0658 5952        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:44:48.0736 5952        AeLookupSvc - ok
08:44:48.0799 5952        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:44:48.0877 5952        AFD - ok
08:44:48.0924 5952        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:44:48.0955 5952        agp440 - ok
08:44:49.0002 5952        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:44:49.0017 5952        aic78xx - ok
08:44:49.0033 5952        ALG            (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
08:44:49.0080 5952        ALG - ok
08:44:49.0095 5952        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
08:44:49.0111 5952        aliide - ok
08:44:49.0158 5952        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
08:44:49.0173 5952        amdagp - ok
08:44:49.0204 5952        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
08:44:49.0220 5952        amdide - ok
08:44:49.0236 5952        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
08:44:49.0282 5952        AmdK8 - ok
08:44:49.0298 5952        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
08:44:49.0314 5952        AmdPPM - ok
08:44:49.0360 5952        amdsata        (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
08:44:49.0376 5952        amdsata - ok
08:44:49.0407 5952        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
08:44:49.0423 5952        amdsbs - ok
08:44:49.0454 5952        amdxata        (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
08:44:49.0454 5952        amdxata - ok
08:44:49.0594 5952        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:44:49.0626 5952        AntiVirSchedulerService - ok
08:44:49.0688 5952        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:44:49.0704 5952        AntiVirService - ok
08:44:49.0750 5952        AppID          (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
08:44:49.0906 5952        AppID - ok
08:44:49.0969 5952        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
08:44:50.0016 5952        AppIDSvc - ok
08:44:50.0047 5952        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
08:44:50.0094 5952        Appinfo - ok
08:44:50.0156 5952        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
08:44:50.0172 5952        arc - ok
08:44:50.0218 5952        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
08:44:50.0234 5952        arcsas - ok
08:44:50.0281 5952        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
08:44:50.0406 5952        AsyncMac - ok
08:44:50.0468 5952        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
08:44:50.0499 5952        atapi - ok
08:44:50.0608 5952        athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
08:44:50.0718 5952        athr - ok
08:44:50.0796 5952        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:44:50.0874 5952        AudioEndpointBuilder - ok
08:44:50.0874 5952        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:44:50.0920 5952        Audiosrv - ok
08:44:50.0998 5952        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
08:44:51.0014 5952        avgntflt - ok
08:44:51.0061 5952        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
08:44:51.0092 5952        avipbb - ok
08:44:51.0123 5952        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
08:44:51.0139 5952        avkmgr - ok
08:44:51.0186 5952        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
08:44:51.0248 5952        AxInstSV - ok
08:44:51.0326 5952        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
08:44:51.0404 5952        b06bdrv - ok
08:44:51.0466 5952        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
08:44:51.0529 5952        b57nd60x - ok
08:44:51.0654 5952        BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
08:44:51.0685 5952        BcmSqlStartupSvc - ok
08:44:51.0747 5952        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
08:44:51.0794 5952        BDESVC - ok
08:44:51.0856 5952        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
08:44:51.0919 5952        Beep - ok
08:44:51.0981 5952        BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
08:44:52.0044 5952        BITS - ok
08:44:52.0059 5952        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
08:44:52.0106 5952        blbdrive - ok
08:44:52.0168 5952        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
08:44:52.0200 5952        bowser - ok
08:44:52.0246 5952        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
08:44:52.0324 5952        BrFiltLo - ok
08:44:52.0356 5952        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
08:44:52.0371 5952        BrFiltUp - ok
08:44:52.0434 5952        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
08:44:52.0480 5952        Browser - ok
08:44:52.0527 5952        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
08:44:52.0605 5952        Brserid - ok
08:44:52.0621 5952        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
08:44:52.0652 5952        BrSerWdm - ok
08:44:52.0668 5952        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
08:44:52.0683 5952        BrUsbMdm - ok
08:44:52.0699 5952        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
08:44:52.0761 5952        BrUsbSer - ok
08:44:52.0792 5952        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
08:44:52.0870 5952        BTHMODEM - ok
08:44:52.0933 5952        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
08:44:52.0964 5952        bthserv - ok
08:44:52.0980 5952        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
08:44:53.0026 5952        cdfs - ok
08:44:53.0089 5952        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
08:44:53.0104 5952        cdrom - ok
08:44:53.0182 5952        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:44:53.0260 5952        CertPropSvc - ok
08:44:53.0292 5952        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
08:44:53.0307 5952        circlass - ok
08:44:53.0370 5952        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
08:44:53.0401 5952        CLFS - ok
08:44:53.0479 5952        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:44:53.0494 5952        clr_optimization_v2.0.50727_32 - ok
08:44:53.0510 5952        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
08:44:53.0526 5952        CmBatt - ok
08:44:53.0572 5952        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
08:44:53.0588 5952        cmdide - ok
08:44:53.0650 5952        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
08:45:12.0979 5952        ShellHWDetection - ok
08:45:13.0026 5952        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
08:45:13.0041 5952        sisagp - ok
08:45:13.0072 5952        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:45:13.0088 5952        SiSRaid2 - ok
08:45:13.0119 5952        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
08:45:13.0135 5952        SiSRaid4 - ok
08:45:13.0166 5952        SMARTMouseFilterx86 (9d819137bbdee71f4241706acf80fbe1) C:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys
08:45:13.0166 5952        SMARTMouseFilterx86 - ok
08:45:13.0197 5952        SMARTVHidMini2000x86 (2d362731fac8440e9d3a43f5d1dae280) C:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
08:45:13.0213 5952        SMARTVHidMini2000x86 - ok
08:45:13.0228 5952        SMARTVTabletPCx86 (cb07b494d60a0f31b12b01dee0fb251f) C:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys
08:45:13.0244 5952        SMARTVTabletPCx86 - ok
08:45:13.0291 5952        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
08:45:13.0322 5952        Smb - ok
08:45:13.0369 5952        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
08:45:13.0384 5952        SNMPTRAP - ok
08:45:13.0400 5952        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
08:45:13.0416 5952        spldr - ok
08:45:13.0478 5952        Spooler        (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
08:45:13.0509 5952        Spooler - ok
08:45:13.0759 5952        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
08:45:13.0868 5952        sppsvc - ok
08:45:13.0977 5952        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
08:45:14.0024 5952        sppuinotify - ok
08:45:14.0149 5952        sptd            (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
08:45:14.0149 5952        Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:45:14.0164 5952        sptd ( LockedFile.Multi.Generic ) - warning
08:45:14.0164 5952        sptd - detected LockedFile.Multi.Generic (1)
08:45:14.0258 5952        SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:45:14.0289 5952        SQLBrowser - ok
08:45:14.0320 5952        SQLWriter      (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:45:14.0352 5952        SQLWriter - ok
08:45:14.0398 5952        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
08:45:14.0476 5952        srv - ok
08:45:14.0508 5952        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
08:45:14.0539 5952        srv2 - ok
08:45:14.0554 5952        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
08:45:14.0586 5952        srvnet - ok
08:45:14.0617 5952        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
08:45:14.0648 5952        SSDPSRV - ok
08:45:14.0695 5952        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
08:45:14.0710 5952        ssmdrv - ok
08:45:14.0726 5952        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
08:45:14.0757 5952        SstpSvc - ok
08:45:14.0788 5952        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
08:45:14.0804 5952        stexstor - ok
08:45:14.0851 5952        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
08:45:14.0898 5952        StiSvc - ok
08:45:14.0913 5952        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
08:45:14.0929 5952        swenum - ok
08:45:14.0960 5952        swprv          (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
08:45:15.0007 5952        swprv - ok
08:45:15.0054 5952        SynTP          (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
08:45:15.0069 5952        SynTP - ok
08:45:15.0194 5952        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
08:45:15.0256 5952        SysMain - ok
08:45:15.0303 5952        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
08:45:15.0334 5952        TabletInputService - ok
08:45:15.0366 5952        TapiSrv        (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
08:45:15.0412 5952        TapiSrv - ok
08:45:15.0444 5952        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
08:45:15.0475 5952        TBS - ok
08:45:15.0631 5952        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
08:45:15.0693 5952        Tcpip - ok
08:45:15.0724 5952        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
08:45:15.0756 5952        TCPIP6 - ok
08:45:15.0787 5952        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
08:45:15.0849 5952        tcpipreg - ok
08:45:15.0896 5952        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
08:45:15.0912 5952        TDPIPE - ok
08:45:15.0912 5952        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
08:45:15.0943 5952        TDTCP - ok
08:45:15.0974 5952        tdx            (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
08:45:16.0005 5952        tdx - ok
08:45:16.0052 5952        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
08:45:16.0068 5952        TermDD - ok
08:45:16.0130 5952        TermService    (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
08:45:16.0177 5952        TermService - ok
08:45:16.0208 5952        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
08:45:16.0224 5952        Themes - ok
08:45:16.0255 5952        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:45:16.0286 5952        THREADORDER - ok
08:45:16.0302 5952        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
08:45:16.0333 5952        TrkWks - ok
08:45:16.0395 5952        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
08:45:16.0458 5952        TrustedInstaller - ok
08:45:16.0489 5952        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
08:45:16.0504 5952        tssecsrv - ok
08:45:16.0567 5952        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
08:45:16.0598 5952        TsUsbFlt - ok
08:45:16.0660 5952        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
08:45:16.0723 5952        tunnel - ok
08:45:16.0754 5952        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
08:45:16.0770 5952        uagp35 - ok
08:45:16.0816 5952        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
08:45:16.0848 5952        udfs - ok
08:45:16.0879 5952        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
08:45:16.0910 5952        UI0Detect - ok
08:45:16.0941 5952        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
08:45:16.0972 5952        uliagpkx - ok
08:45:17.0019 5952        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
08:45:17.0035 5952        umbus - ok
08:45:17.0050 5952        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
08:45:17.0066 5952        UmPass - ok
08:45:17.0097 5952        upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
08:45:17.0128 5952        upnphost - ok
08:45:17.0175 5952        usbccgp        (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
08:45:17.0191 5952        usbccgp - ok
08:45:17.0238 5952        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
08:45:17.0269 5952        usbcir - ok
08:45:17.0300 5952        usbehci        (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
08:45:17.0347 5952        usbehci - ok
08:45:17.0409 5952        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
08:45:17.0472 5952        usbhub - ok
08:45:17.0518 5952        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
08:45:17.0534 5952        usbohci - ok
08:45:17.0581 5952        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
08:45:17.0596 5952        usbprint - ok
08:45:17.0643 5952        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
08:45:17.0659 5952        usbscan - ok
08:45:17.0706 5952        USBSTOR        (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:45:17.0721 5952        USBSTOR - ok
08:45:17.0768 5952        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
08:45:17.0784 5952        usbuhci - ok
08:45:17.0846 5952        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
08:45:17.0908 5952        usbvideo - ok
08:45:17.0940 5952        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
08:45:17.0986 5952        UxSms - ok
08:45:18.0018 5952        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:45:18.0033 5952        VaultSvc - ok
08:45:18.0096 5952        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
08:45:18.0111 5952        vdrvroot - ok
08:45:18.0174 5952        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
08:45:18.0220 5952        vds - ok
08:45:18.0252 5952        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
08:45:18.0267 5952        vga - ok
08:45:18.0283 5952        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
08:45:18.0314 5952        VgaSave - ok
08:45:18.0361 5952        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
08:45:18.0376 5952        vhdmp - ok
08:45:18.0408 5952        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
08:45:18.0423 5952        viaagp - ok
08:45:18.0454 5952        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
08:45:18.0470 5952        ViaC7 - ok
08:45:18.0470 5952        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
08:45:18.0486 5952        viaide - ok
08:45:18.0517 5952        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
08:45:18.0532 5952        volmgr - ok
08:45:18.0564 5952        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
08:45:18.0579 5952        volmgrx - ok
08:45:18.0610 5952        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
08:45:18.0642 5952        volsnap - ok
08:45:18.0673 5952        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
08:45:18.0704 5952        vsmraid - ok
08:45:18.0813 5952        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
08:45:18.0860 5952        VSS - ok
08:45:18.0876 5952        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
08:45:18.0907 5952        vwifibus - ok
08:45:18.0954 5952        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
08:45:19.0000 5952        vwififlt - ok
08:45:19.0032 5952        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
08:45:19.0047 5952        vwifimp - ok
08:45:19.0094 5952        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
08:45:19.0125 5952        W32Time - ok
08:45:19.0172 5952        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
08:45:19.0188 5952        WacomPen - ok
08:45:19.0234 5952        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:45:19.0281 5952        WANARP - ok
08:45:19.0281 5952        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:45:19.0312 5952        Wanarpv6 - ok
08:45:19.0453 5952        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
08:45:19.0531 5952        wbengine - ok
08:45:19.0546 5952        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
08:45:19.0578 5952        WbioSrvc - ok
08:45:19.0624 5952        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
08:45:19.0656 5952        wcncsvc - ok
08:45:19.0671 5952        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
08:45:19.0702 5952        WcsPlugInService - ok
08:45:19.0780 5952        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
08:45:19.0796 5952        Wd - ok
08:45:19.0843 5952        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
08:45:19.0874 5952        Wdf01000 - ok
08:45:19.0890 5952        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:45:19.0952 5952        WdiServiceHost - ok
08:45:19.0952 5952        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:45:19.0968 5952        WdiSystemHost - ok
08:45:20.0030 5952        WebClient      (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
08:45:20.0061 5952        WebClient - ok
08:45:20.0092 5952        Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
08:45:20.0124 5952        Wecsvc - ok
08:45:20.0155 5952        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
08:45:20.0186 5952        wercplsupport - ok
08:45:20.0217 5952        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
08:45:20.0248 5952        WerSvc - ok
08:45:20.0280 5952        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
08:45:20.0295 5952        WfpLwf - ok
08:45:20.0311 5952        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
08:45:20.0326 5952        WIMMount - ok
08:45:20.0326 5952        WinHttpAutoProxySvc - ok
08:45:20.0404 5952        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
08:45:20.0420 5952        Winmgmt - ok
08:45:20.0529 5952        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
08:45:20.0607 5952        WinRM - ok
08:45:20.0701 5952        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
08:45:20.0732 5952        WinUsb - ok
08:45:20.0810 5952        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
08:45:20.0857 5952        Wlansvc - ok
08:45:20.0872 5952        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
08:45:20.0888 5952        WmiAcpi - ok
08:45:20.0935 5952        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
08:45:20.0950 5952        wmiApSrv - ok
08:45:21.0075 5952        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:45:21.0138 5952        WMPNetworkSvc - ok
08:45:21.0169 5952        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
08:45:21.0200 5952        WPCSvc - ok
08:45:21.0231 5952        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
08:45:21.0278 5952        WPDBusEnum - ok
08:45:21.0340 5952        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
08:45:21.0403 5952        ws2ifsl - ok
08:45:21.0403 5952        WSearch - ok
08:45:21.0574 5952        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
08:45:21.0668 5952        wuauserv - ok
08:45:21.0793 5952        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
08:45:21.0840 5952        WudfPf - ok
08:45:21.0871 5952        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
08:45:21.0902 5952        WUDFRd - ok
08:45:21.0949 5952        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
08:45:21.0980 5952        wudfsvc - ok
08:45:22.0027 5952        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
08:45:22.0042 5952        WwanSvc - ok
08:45:22.0136 5952        MBR (0x1B8)    (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
08:45:22.0542 5952        \Device\Harddisk0\DR0 - ok
08:45:22.0542 5952        Boot (0x1200)  (f19731e6fe94b6ae3e1f3e18bd062d9a) \Device\Harddisk0\DR0\Partition0
08:45:22.0542 5952        \Device\Harddisk0\DR0\Partition0 - ok
08:45:22.0573 5952        Boot (0x1200)  (1cf201412f0213464cb101bf59833b11) \Device\Harddisk0\DR0\Partition1
08:45:22.0573 5952        \Device\Harddisk0\DR0\Partition1 - ok
08:45:22.0588 5952        Boot (0x1200)  (9dadb1f068c32f9436258323a47f7f23) \Device\Harddisk0\DR0\Partition2
08:45:22.0604 5952        \Device\Harddisk0\DR0\Partition2 - ok
08:45:22.0604 5952        ============================================================
08:45:22.0604 5952        Scan finished
08:45:22.0604 5952        ============================================================
08:45:22.0620 5456        Detected object count: 3
08:45:22.0620 5456        Actual detected object count: 3
08:45:42.0681 5456        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
08:45:42.0681 5456        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:45:42.0681 5456        pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
08:45:42.0681 5456        pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:45:42.0697 5456        sptd ( LockedFile.Multi.Generic ) - skipped by user
08:45:42.0697 5456        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
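The TDSSKiller log above ends with three *.Multi.Generic verdicts that the user chose to skip. As an added example (not from this thread and not part of TDSSKiller), here is a small Python triage script for logs in that format: it extracts the object, verdict and user-action records, checks the "Detected object count" summary against what it actually parsed, and separates heuristic verdicts (UnsignedFile/LockedFile, meaning the file was merely unsigned or unreadable and should be verified by hand) from verdicts that name a malware family. The sample lines are constructed from entries in the posted log; the "detected" lines for CVPNDRVA and pgsql-8.3 are constructed in the same format, since that part of the log is not in this section.

```python
"""Triage helper for Kaspersky TDSSKiller logs (added example, not TDSSKiller's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Verdicts TDSSKiller assigns to files it could not verify (unsigned or locked),
# as opposed to verdicts that name a detected malware family.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Every record starts with "HH:MM:SS.nnnn <pid>" followed by the message body.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name>  (<md5>) <path>" : one scanned object (service, driver, MBR, boot sector)
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name> - detected <verdict> (1)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed sample: the RemoteRegistry, sptd and MBR lines are copied from the
# posted log; the CVPNDRVA / pgsql-8.3 "detected" lines are constructed in the same format.
SAMPLE_LOG = r"""
08:45:11.0107 5952        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
08:45:11.0138 5952        RemoteRegistry - ok
08:45:11.0200 5952        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
08:45:11.0300 5952        pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
08:45:14.0149 5952        sptd            (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
08:45:14.0149 5952        Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:45:14.0164 5952        sptd ( LockedFile.Multi.Generic ) - warning
08:45:14.0164 5952        sptd - detected LockedFile.Multi.Generic (1)
08:45:22.0136 5952        MBR (0x1B8)    (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
08:45:22.0542 5952        \Device\Harddisk0\DR0 - ok
08:45:22.0620 5456        Detected object count: 3
08:45:42.0681 5456        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:45:42.0681 5456        pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:45:42.0697 5456        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""


@dataclass
class Report:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: Dict[str, str] = field(default_factory=dict)           # name -> verdict
    actions: Dict[str, str] = field(default_factory=dict)              # name -> user action
    reported_count: Optional[int] = None                               # from the summary line


def parse_tdsskiller(text: str) -> Report:
    """Parse the log text into objects, detections, user actions and the reported count."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # separators and other lines without the timestamp/PID prefix
        body = m.group("body").strip()
        if (m2 := OBJECT_RE.match(body)):
            rep.objects[m2.group("name")] = (m2.group("md5"), m2.group("path"))
        elif (m2 := DETECT_RE.match(body)):
            rep.detections[m2.group("name")] = m2.group("verdict")
        elif (m2 := ACTION_RE.match(body)):
            rep.actions[m2.group("name")] = m2.group("action")
        elif (m2 := COUNT_RE.match(body)):
            rep.reported_count = int(m2.group("n"))
    return rep


def triage(rep: Report) -> dict:
    """Classify each detection and check that the summary count matches the parsed detections."""
    findings = {}
    for name, verdict in rep.detections.items():
        md5, path = rep.objects.get(name, (None, None))
        # Heuristic verdicts only say the file is unsigned or could not be read;
        # they need a manual check of vendor and signature, not automatic deletion.
        level = "review" if verdict in HEURISTIC_VERDICTS else "malware"
        findings[name] = {"verdict": verdict, "level": level, "md5": md5,
                          "path": path, "action": rep.actions.get(name, "none")}
    return {"findings": findings,
            "count_matches": rep.reported_count == len(rep.detections)}


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    for name, f in result["findings"].items():
        print(f"{f['level']:8} {name:12} {f['verdict']:30} action={f['action']} path={f['path']}")
    print("summary count consistent:", result["count_matches"])
```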


cosinus 13.06.2012 09:31

Yes, you can plug in the stick; with AutoPlay disabled, nothing will be executed automatically either.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Magnetiseur 13.06.2012 10:37

Help. I turned off the real-time scanner. ComboFix still reports that "the following real-time scanners are active:
antivirus: Avira Desktop
antispyware: Avira Desktop"

I've already searched the help and forums for how to disable it, but found nothing other than what I already did. What should I do (do I have to uninstall it? That's another option I found...)

Now I've also gone in via Control Panel, "System and Security". Maybe I need to untick all the boxes under General > Warnings here?

Sorry for being so clueless :(

Hello,

I've now also unticked all the boxes under "General" - "Security" in the configuration (thought that was it) and then clicked OK in ComboFix. It now reports:

"antivirus: Avira Desktop
antispyware: Avira Desktop

Die obigen Real-Time-Scanner sind immer noch aktivv aber ComboFix wird trotzdem mit dem Scuhlauf fortfahren. Bitte nehme zur Kenntnis, das dies in eigener Verantwortung geschieht"

I can only click OK, not CANCEL...

What can I do?

Regards,
Magnetiseur

Well, I think I've now managed to run ComboFix properly after all (I uninstalled Antivir). Sorry again for pestering you with the questions afterwards, probably trivial things for you. Did it also scan and clean the 2 (almost certainly infected) USB sticks that were plugged in during the run, or if not, which program/tool can I use to do that?
The ComboFix log follows:

Combofix Logfile:
Code:

ComboFix 12-06-13.01 - Sarah 13.06.2012  15:06:38.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3005.1870 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 13:13 . 2012-06-13 13:15        --------        d-----w-        c:\users\Sarah\AppData\Local\temp
2012-06-13 13:13 . 2012-06-13 13:13        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2012-06-13 13:13 . 2012-06-13 13:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-13 10:35 . 2012-05-17 22:24        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-13 10:35 . 2012-05-17 23:21        140920        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 10:35 . 2012-05-17 22:31        194560        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 10:35 . 2012-05-17 22:31        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2012-06-13 06:41 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:41 . 2012-05-15 01:05        2343936        ----a-w-        c:\windows\system32\win32k.sys
2012-06-13 06:41 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 06:41 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:41 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-12 05:53 . 2012-06-12 05:53        --------        d-----w-        C:\_OTL
2012-06-10 19:51 . 2012-06-10 19:51        --------        d-----w-        c:\program files\ESET
2012-06-09 11:32 . 2012-06-09 11:32        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-09 11:32 . 2012-06-09 11:32        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 17:36 . 2012-06-08 17:36        --------        d-----w-        c:\programdata\HitmanPro
2012-06-08 10:37 . 2012-06-08 10:37        --------        d-----w-        c:\program files\madagaskar
2012-06-08 10:37 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-08 10:34 . 2012-06-08 10:34        --------        d-sh--w-        c:\windows\system32\%APPDATA%
2012-06-08 09:53 . 2012-06-08 09:53        --------        d-----w-        c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1
2012-06-08 09:47 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADDEA680-1ACE-4137-8456-D23A24763456}\mpengine.dll
2012-06-03 13:34 . 2012-06-03 13:34        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 13:34 . 2012-02-02 22:23        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:39 . 2012-05-09 19:33        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 19:33        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-30 10:23 . 2012-05-09 19:34        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-27 18:41 . 2009-12-08 17:23        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-27 18:41 . 2010-11-05 17:35        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-27 18:41 . 2010-01-06 07:55        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-03-19 21:22 . 2010-05-04 07:35        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-19 20:59 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-17 07:27 . 2012-05-09 19:33        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-06-09 11:32 . 2011-05-16 19:24        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 98304]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-01-05 3372328]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-01-05 1053992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\madagaskar\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2010-1-7 356352]
SMART Board-Werkzeuge.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-1-5 11154728]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 257696]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-19 691696]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S2 MBAMService;MBAMService;c:\program files\madagaskar\mbamservice.exe [2012-04-04 654408]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-12-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-12-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-12-15 13440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 13:34]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-CPN Notifier - c:\program files\Cake Poker 2.0\PokerNotifier.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Umwelt Technik Arbeitsblätter 2 - c:\windows\IsUn0407.exe
AddRemove-Winload Toolbar - c:\progra~1\Winload\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(632)
c:\program files\SMART Technologies\SMART Product Drivers\UtahHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\SMART Technologies\SMART Product Drivers\Aware.exe
c:\program files\SMART Technologies\SMART Product Drivers\Marker.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-13  15:20:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-13 13:20
.
Vor Suchlauf: 12 Verzeichnis(se), 94.420.967.424 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 94.291.087.360 Bytes frei
.
- - End Of File - - C7A489ED39E8F7822C2F1CE300F4BD47

--- --- ---

cosinus 13.06.2012 15:46

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\windows\system32\%APPDATA%
c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Magnetiseur 13.06.2012 20:40

OK, here is the next log:

Combofix Logfile:
Code:

ComboFix 12-06-13.04 - Sarah 13.06.2012  20:30:27.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3005.1743 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sarah\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1
c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1
c:\windows\system32\%APPDATA%
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 18:38 . 2012-06-13 18:38        --------        d-----w-        c:\users\Sarah\AppData\Local\temp
2012-06-13 18:38 . 2012-06-13 18:38        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2012-06-13 18:38 . 2012-06-13 18:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-13 15:21 . 2012-06-13 15:21        4126880        ----a-w-        c:\windows\system32\FlashPlayerInstaller.exe
2012-06-13 15:08 . 2012-06-13 15:08        --------        d-----w-        c:\program files\Common Files\Skype
2012-06-13 14:54 . 2012-06-13 14:54        --------        d-----w-        c:\users\Sarah\AppData\Local\Macromedia
2012-06-13 14:51 . 2012-06-13 14:51        --------        d-----w-        c:\programdata\Apple Computer
2012-06-13 14:48 . 2012-06-13 14:48        476936        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-06-13 14:33 . 2012-06-13 14:33        --------        d-----w-        c:\users\Sarah\AppData\Local\Secunia PSI
2012-06-13 14:33 . 2012-06-13 14:33        --------        d-----w-        c:\program files\Secunia
2012-06-13 10:35 . 2012-05-17 22:24        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-13 10:35 . 2012-05-17 23:21        140920        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 10:35 . 2012-05-17 22:31        194560        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 10:35 . 2012-05-17 22:31        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2012-06-13 06:41 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:41 . 2012-05-15 01:05        2343936        ----a-w-        c:\windows\system32\win32k.sys
2012-06-13 06:41 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 06:41 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:41 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-12 05:53 . 2012-06-12 05:53        --------        d-----w-        C:\_OTL
2012-06-10 19:51 . 2012-06-10 19:51        --------        d-----w-        c:\program files\ESET
2012-06-09 11:32 . 2012-06-09 11:32        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-09 11:32 . 2012-06-09 11:32        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 17:36 . 2012-06-08 17:36        --------        d-----w-        c:\programdata\HitmanPro
2012-06-08 10:37 . 2012-06-08 10:37        --------        d-----w-        c:\program files\madagaskar
2012-06-08 10:37 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-08 09:47 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADDEA680-1ACE-4137-8456-D23A24763456}\mpengine.dll
2012-06-03 13:34 . 2012-06-13 15:21        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 15:21 . 2012-02-02 22:23        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 14:48 . 2010-05-04 07:35        472840        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-09 19:33        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 19:33        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-30 10:23 . 2012-05-09 19:34        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-27 18:41 . 2009-12-08 17:23        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-27 18:41 . 2010-11-05 17:35        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-27 18:41 . 2010-01-06 07:55        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-03-19 20:59 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-17 07:27 . 2012-05-09 19:33        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-06-09 11:32 . 2011-05-16 19:24        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-01-05 3372328]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-01-05 1053992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware"="c:\program files\madagaskar\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2010-1-7 356352]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
SMART Board-Werkzeuge.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-1-5 11154728]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257696]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-19 691696]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S2 MBAMService;MBAMService;c:\program files\madagaskar\mbamservice.exe [2012-04-04 654408]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-12-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-12-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-12-15 13440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 15:21]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13  20:47:14
ComboFix-quarantined-files.txt  2012-06-13 18:47
ComboFix2.txt  2012-06-13 13:20
.
Vor Suchlauf: 15 Verzeichnis(se), 92.251.070.464 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 92.079.673.344 Bytes frei
.
- - End Of File - - 009475CDDF7289FBEACB488D2E874126

--- --- ---


Thanks again and regards,
Magnetiseur

cosinus 13.06.2012 21:37

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or higher, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being told to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.

Magnetiseur 14.06.2012 19:20

GMER:

GMER Logfile:

Code:

GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 20:16:38
Windows 6.1.7601 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                83438AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                83438104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                834383F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                83420634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                83420898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                834381DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                83438958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                834386F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                83438F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                834391A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                83050989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                  830704E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spph.sys                                                                                               Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                   94263D81 5 Bytes  JMP 871381D8
.text           am0ugcsc.SYS                                                                                                            91C01000 12 Bytes  [44, 38, 42, 83, EE, 36, 42, ...]
.text           am0ugcsc.SYS                                                                                                            91C0100D 9 Bytes  [17, 42, 83, 48, 3B, 42, 83, ...] {POP SS; INC EDX; OR DWORD [EAX+0x3b], 0x42; ADD DWORD [EAX], 0x0}
.text           am0ugcsc.SYS                                                                                                            91C01017 20 Bytes  [00, DE, 27, B1, 8B, E6, 25, ...]
.text           am0ugcsc.SYS                                                                                                            91C0102C 149 Bytes  [00, 00, 00, 00, D0, B7, 04, ...]
.text           am0ugcsc.SYS                                                                                                            91C010C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                    
.text           peauth.sys                                                                                                              AF4B5C9E 27 Bytes  [18, 82, 0D, 11, 20, AE, 61, ...]
.text           peauth.sys                                                                                                              AF4B5CC2 27 Bytes  [18, 82, 0D, 11, 20, AE, 61, ...]

---- User code sections - GMER 1.0.15 ----

.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateFile + 6                  76E155CE 4 Bytes  [28, 00, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateFile + B                  76E155D3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateKey + 6                   76E1560E 4 Bytes  [68, 01, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateKey + B                   76E15613 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateMutant + 6                76E1564E 4 Bytes  [68, 02, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateMutant + B                76E15653 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateSection + 6               76E156EE 4 Bytes  [A8, 02, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtCreateSection + B               76E156F3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtMapViewOfSection + 6            76E15C2E 4 Bytes  CALL 75E17B37 C:\windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtMapViewOfSection + B            76E15C33 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenFile + 6                    76E15CDE 4 Bytes  [68, 00, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenFile + B                    76E15CE3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenKey + 6                     76E15D0E 4 Bytes  [A8, 01, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenKey + B                     76E15D13 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenKeyEx + 6                   76E15D1E 4 Bytes  CALL 75E17C24 C:\windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenKeyEx + B                   76E15D23 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenMutant + 6                  76E15D5E 4 Bytes  [28, 02, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenMutant + B                  76E15D63 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcess + 6                 76E15D8E 1 Byte  [68]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcess + 6                 76E15D8E 4 Bytes  [68, 03, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcess + B                 76E15D93 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcessToken + 6            76E15D9E 1 Byte  [A8]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcessToken + 6            76E15D9E 4 Bytes  [A8, 03, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcessToken + B            76E15DA3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcessTokenEx + 6          76E15DAE 4 Bytes  [68, 04, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenProcessTokenEx + B          76E15DB3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenSection + 6                 76E15DCE 4 Bytes  CALL 75E17CD5 C:\windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenSection + B                 76E15DD3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThread + 6                  76E15E0E 1 Byte  [28]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThread + 6                  76E15E0E 4 Bytes  [28, 03, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThread + B                  76E15E13 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThreadToken + 6             76E15E1E 4 Bytes  [28, 04, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThreadToken + B             76E15E23 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThreadTokenEx + 6           76E15E2E 4 Bytes  [A8, 04, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtOpenThreadTokenEx + B           76E15E33 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtQueryAttributesFile + 6         76E15F3E 4 Bytes  [A8, 00, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtQueryAttributesFile + B         76E15F43 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtQueryFullAttributesFile + 6     76E15FEE 4 Bytes  CALL 75E17EF3 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtQueryFullAttributesFile + B     76E15FF3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtSetInformationFile + 6          76E1663E 4 Bytes  [28, 01, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtSetInformationFile + B          76E16643 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtSetInformationThread + 6        76E1669E 1 Byte  [E8]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtSetInformationThread + 6        76E1669E 4 Bytes  CALL 75E185A6 C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtSetInformationThread + B        76E166A3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtUnmapViewOfSection + 6          76E169BE 4 Bytes  [28, 05, 1F, 00]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ntdll.dll!NtUnmapViewOfSection + B          76E169C3 1 Byte  [E2]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] kernel32.dll!CreateProcessW                 763D204D 5 Bytes  JMP 00010030
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] kernel32.dll!CreateProcessA                 763D2082 5 Bytes  JMP 00010070
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!DeleteObject                      764B5F14 5 Bytes  JMP 004901B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SelectObject                      764B6640 5 Bytes  JMP 004905F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetTextColor                      764B6906 5 Bytes  JMP 004909F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetBkMode                         764B69B1 5 Bytes  JMP 004908B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!DeleteDC                          764B6EAA 5 Bytes  JMP 00490170
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetDeviceCaps                     764B6F7F 5 Bytes  JMP 004903B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!ExtSelectClipRgn                  764B7114 5 Bytes  JMP 004902F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SelectClipRgn                     764B7242 5 Bytes  JMP 004905B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetStretchBltMode                 764B7705 5 Bytes  JMP 00490670
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetCurrentObject                  764B7917 5 Bytes  JMP 00490370
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextMetricsW                   764B7B8F 5 Bytes  JMP 00490DF0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextAlign                      764B7DAF 5 Bytes  JMP 00490D30
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!IntersectClipRect                 764B7DFE 5 Bytes  JMP 004903F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!ExtTextOutW                       764B8192 5 Bytes  JMP 00490930
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetTextAlign                      764B828E 5 Bytes  JMP 004909B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetClipBox                        764B8525 5 Bytes  JMP 00490330
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!MoveToEx                          764B8C21 5 Bytes  JMP 00490470
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!StretchDIBits                     764BA53E 5 Bytes  JMP 00490730
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!RestoreDC                         764BA67B 5 Bytes  JMP 00490530
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SaveDC                            764BA74B 5 Bytes  JMP 00490570
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextExtentPoint32W             764BB4B5 5 Bytes  JMP 00490630
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextFaceW                      764BB73A 2 Bytes  JMP 00490CF0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextFaceW + 3                  764BB73D 2 Bytes  [FD, 89]
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetFontData                       764BBCC4 5 Bytes  JMP 00490C30
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetWorldTransform                 764BC90A 5 Bytes  JMP 004906B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!CreateDCA                         764BCCA9 5 Bytes  JMP 004900B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!CreateDCW                         764BCF79 5 Bytes  JMP 004900F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!CreateICW                         764BCFD0 5 Bytes  JMP 00490130
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextMetricsA                   764BD0F2 5 Bytes  JMP 00490DB0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!Rectangle                         764BF1FF 5 Bytes  JMP 00490970
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!LineTo                            764BF59B 5 Bytes  JMP 00490430
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetICMMode                        764BFAA4 5 Bytes  JMP 00490D70
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!ExtTextOutA                       764C03F9 5 Bytes  JMP 004908F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!ExtEscape                         764C2949 5 Bytes  JMP 004902B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!Escape                            764C3939 5 Bytes  JMP 00490270
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetTextFaceA                      764C3E6A 5 Bytes  JMP 00490CB0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetPolyFillMode                   764CD851 5 Bytes  JMP 00490AF0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SetMiterLimit                     764CDA0D 5 Bytes  JMP 00490B30
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!EndPage                           764D00D7 5 Bytes  JMP 00490230
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!ResetDCW                          764D050D 5 Bytes  JMP 00490A70
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!GetGlyphOutlineW                  764DC1BA 5 Bytes  JMP 00490C70
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!CreateScalableFontResourceW       764DE817 5 Bytes  JMP 00490B70
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!AddFontResourceW                  764DEC13 5 Bytes  JMP 00490BB0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!RemoveFontResourceW               764DF109 5 Bytes  JMP 00490BF0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!AbortDoc                          764E4C63 5 Bytes  JMP 00490030
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!EndDoc                            764E50AA 5 Bytes  JMP 004901F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!StartPage                         764E5195 5 Bytes  JMP 004906F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!StartDocW                         764E5BB0 5 Bytes  JMP 004907B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!BeginPath                         764E635D 5 Bytes  JMP 004907F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!SelectClipPath                    764E63B4 5 Bytes  JMP 00490AB0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!CloseFigure                       764E640F 5 Bytes  JMP 00490070
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!EndPath                           764E6466 5 Bytes  JMP 00490A30
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!StrokePath                        764E6699 5 Bytes  JMP 00490770
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!FillPath                          764E6726 5 Bytes  JMP 00490830
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!PolylineTo                        764E6B94 5 Bytes  JMP 004904F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!PolyBezierTo                      764E6C25 5 Bytes  JMP 004904B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] GDI32.dll!PolyDraw                          764E6CD7 5 Bytes  JMP 00490870
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!ActivateKeyboardLayout           76508203 5 Bytes  JMP 004A04F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!ScreenToClient                   7650A506 7 Bytes  JMP 004A0670
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!RegisterClipboardFormatA         7650C091 5 Bytes  JMP 004A02F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!RegisterClipboardFormatW         7650DF8D 5 Bytes  JMP 004A02B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!SetCursor                        76513075 5 Bytes  JMP 004A0530
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!MonitorFromWindow                76513622 7 Bytes  JMP 004A0630
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!PostMessageW                     7651447B 5 Bytes  JMP 004A05F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!IsWindowVisible                  76514D69 7 Bytes  JMP 004A06B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClientRect                    765154DD 7 Bytes  JMP 004A05B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!MapWindowPoints                  76515CAA 5 Bytes  JMP 004A0570
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetParent                        76516029 7 Bytes  JMP 004A06F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!EmptyClipboard                   7652290C 5 Bytes  JMP 004A0130
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!SetClipboardData                 76522962 5 Bytes  JMP 004A0170
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClipboardData                 76522BA7 5 Bytes  JMP 004A0030
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClipboardFormatNameW          76525FD2 5 Bytes  JMP 004A0230
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!SetClipboardViewer               76526FF6 5 Bytes  JMP 004A04B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClipboardFormatNameA          7652700A 5 Bytes  JMP 004A0270
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!ChangeClipboardChain             7653147C 5 Bytes  JMP 004A0430
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetTopWindow                     765324D9 7 Bytes  JMP 004A0730
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!CloseClipboard                   7653446C 5 Bytes  JMP 004A00B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!OpenClipboard                    7653447E 5 Bytes  JMP 004A0070
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!IsClipboardFormatAvailable       765344FF 5 Bytes  JMP 004A00F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClipboardSequenceNumber       76534513 5 Bytes  JMP 004A0330
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClipboardOwner                76534525 5 Bytes  JMP 004A0370
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!CountClipboardFormats            7653470A 5 Bytes  JMP 004A01F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!EnumClipboardFormats             765347EC 5 Bytes  JMP 004A01B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetOpenClipboardWindow           7653480B 5 Bytes  JMP 004A03F0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!SetCursorPos                     7654C1B0 5 Bytes  JMP 004A0770
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetClipboardViewer               76564AF7 5 Bytes  JMP 004A0470
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] USER32.dll!GetPriorityClipboardFormat       76564BF9 5 Bytes  JMP 004A03B0
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ole32.dll!OleSetClipboard                   762D0045 5 Bytes  JMP 004B0030
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ole32.dll!OleIsCurrentClipboard             762D36B2 5 Bytes  JMP 004B0070
.text           C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe[4128] ole32.dll!OleGetClipboard                   762FFDCD 5 Bytes  JMP 004B00B0
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4136] USER32.dll!SetWindowLongA                                   76508BA3 5 Bytes  JMP 663CFB5F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4136] USER32.dll!SetWindowLongW                                   76514449 5 Bytes  JMP 663CFAEE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4136] USER32.dll!GetWindowInfo                                    76514B5E 5 Bytes  JMP 661AA76C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4136] USER32.dll!TrackPopupMenu                                   76522228 5 Bytes  JMP 661AAD79 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4720] ntdll.dll!LdrLoadDll                                                 76E3223E 5 Bytes  JMP 6602696F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4720] kernel32.dll!MapViewOfFile                                           764193DB 5 Bytes  JMP 662D0219 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4720] kernel32.dll!VirtualAlloc                                            7641C43A 5 Bytes  JMP 662D0240 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4720] GDI32.dll!CreateDIBSection                                           764B8850 5 Bytes  JMP 662D01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                       [8BA40DDC] \SystemRoot\System32\Drivers\spph.sys
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                          [8BA40E30] \SystemRoot\System32\Drivers\spph.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                [8BA16042] \SystemRoot\System32\Drivers\spph.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                               [8BA166D6] \SystemRoot\System32\Drivers\spph.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                        [8BA16800] \SystemRoot\System32\Drivers\spph.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                         [8BA1613E] \SystemRoot\System32\Drivers\spph.sys
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortNotification]                                              00147880
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortQuerySystemTime]                                           78800C75
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortReadPortUchar]                                             06750015
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortStallExecution]                                            C25DC033
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortWritePortUchar]                                            458B0008
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortWritePortUlong]                                            6A006A08
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                        50056A24
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                             005AB7E8
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                      0001B800
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortGetParentBusType]                                          C25D0000
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortRequestCallback]                                           CCCC0008
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                     CCCCCCCC
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                      CCCCCCCC
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortCompleteRequest]                                           CCCCCCCC
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortCopyMemory]                                                53EC8B55
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortEtwTraceLog]                                               800C5D8B
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                 [7500117B] \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                    127B806A
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                      80647500
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                      [7500137B] \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortInitialize]                                                157B805E
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortGetDeviceBase]                                             56587500
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[ataport.SYS!AtaPortDeviceStateChange]                                         8008758B
IAT             \SystemRoot\System32\Drivers\am0ugcsc.SYS[NTOSKRNL.exe!KeTickCount]                                                     78801875

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\windows\System32\rundll32.exe[3792] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [74E9FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\windows\System32\rundll32.exe[3792] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [74E9FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\windows\System32\rundll32.exe[3792] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [74E9FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\windows\System32\rundll32.exe[3792] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [74E9FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                  856211F8
Device          \FileSystem\fastfat \FatCdrom                                                                                           8875B1F8
Device          \Driver\USBSTOR \Device\0000008e                                                                                        870061F8
Device          \Driver\USBSTOR \Device\0000008f                                                                                        870061F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device          \Driver\sptd \Device\3919484750                                                                                         spph.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                        871371F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                        87122500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                        871371F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{E366DA8A-EC55-4CAC-9A1B-0C76A4645162}                                                870AC1F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                        871371F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}                                                870AC1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                  8561B1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                        87122500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                  8561B1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                            86FFA388
Device          \Driver\ACPI_HAL \Device\00000059                                                                                       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                  8561B1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                            86FFA388
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                  8561B1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\PCI_PNP8748 \Device\00000067                                                                                    spph.sys
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                  8561B1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                  8561B1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000090                                                                                        870061F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                 870AC1F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                        871371F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                        87122500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                        871371F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                        871371F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                        87122500
Device          \Driver\am0ugcsc \Device\Scsi\am0ugcsc1Port1Path0Target0Lun0                                                            871CE1F8
Device          \Driver\am0ugcsc \Device\Scsi\am0ugcsc1                                                                                 871CE1F8
Device          \Driver\USBSTOR \Device\0000008d                                                                                        870061F8
Device          \FileSystem\fastfat \Fat                                                                                                8875B1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4A5CA166-60F7-4DCA-8306-8EB9C8AA11E3}@InterfaceName  isatap.{8BDC05D5-E6EA-4AAE-91E5-21E400887E5D}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4A5CA166-60F7-4DCA-8306-8EB9C8AA11E3}@ReusableType   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                      771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                      285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBA 0xF6 0x7D 0x63 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                              
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC3 0xA3 0x88 0xC9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xE6 0xF3 0x54 0x28 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0xBA 0xF6 0x7D 0x63 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0xC3 0xA3 0x88 0xC9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                             
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0xE6 0xF3 0x54 0x28 ...

---- EOF - GMER 1.0.15 ----


--- --- ---

Unfortunately the OSAM link you gave doesn't work. I can't find it anywhere else either (currently only available in Russian). Can I skip that step and continue with aswMBR.exe?

Regards and thanks,
Magnetiseur

cosinus 15.06.2012 12:04

OSAM should work again => http://www2.online-solutions.ru/en/d...e.php?p=131115

Magnetiseur 18.06.2012 11:46

Thanks for the new link. Here is the OSAM log (I hope I skipped the right thing in the online query...)

Code:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:43:29 on 18.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\windows\system32\drivers\acehlp10.sys
"af61p3zx" (af61p3zx) - "Microsoft Corporation" - C:\windows\system32\drivers\af61p3zx.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\Users\Sarah\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys
"PSI" (PSI) - "Secunia" - C:\windows\System32\DRIVERS\psi_mf.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Click to call with Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
"PokerStars.fr" - "PokerStars" - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Scanner Finder.lnk" - ? - C:\Program Files\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
"SMART Board-Werkzeuge.lnk" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\madagaskar\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
"SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"SMART Local Port" - "SMART Technologies ULC" - C:\windows\system32\smrtlocalmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\madagaskar\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\windows\system32\PSIService.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

thanks and regards
Magnetiseur

and here is the aswMBR log as well:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-18 12:47:37
-----------------------------
12:47:37.108    OS Version: Windows 6.1.7601 Service Pack 1
12:47:37.108    Number of processors: 2 586 0x170A
12:47:37.108    ComputerName: SARAH-PC  UserName: Sarah
12:47:58.574    Initialize success
12:49:06.539    AVAST engine defs: 12061800
12:49:38.659    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:49:38.659    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:49:38.691    Disk 0 MBR read successfully
12:49:38.691    Disk 0 MBR scan
12:49:38.706    Disk 0 unknown MBR code
12:49:38.706    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
12:49:38.737    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
12:49:38.753    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      144890 MB offset 31664128
12:49:38.784    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      144893 MB offset 328398848
12:49:38.800    Disk 0 scanning sectors +625139712
12:49:38.878    Disk 0 scanning C:\windows\system32\drivers
12:49:49.361    Service scanning
12:50:07.753    Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
12:50:13.635    Modules scanning
12:50:22.215    Disk 0 trace - called modules:
12:50:22.230    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spxg.sys halmacpi.dll >>UNKNOWN [0x855f6938]<<
12:50:22.230    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e0f670]
12:50:22.246    3 CLASSPNP.SYS[8c37259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8635c028]
12:50:23.260    AVAST engine scan C:\windows
12:50:25.943    AVAST engine scan C:\windows\system32
12:53:04.783    AVAST engine scan C:\windows\system32\drivers
12:53:18.433    AVAST engine scan C:\Users\Sarah
12:58:00.419    AVAST engine scan C:\ProgramData
13:02:20.814    Scan finished successfully
13:06:13.988    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
13:06:13.988    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR18.06..txt"


cosinus 18.06.2012 14:12

We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems installed, e.g. Ubuntu; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or another encryption program.

After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!

Then restart Windows and make a new log with aswMBR.

Magnetiseur 02.07.2012 10:27

Hello,

here is a new aswMBR log after FixMBR and restart:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 11:06:24
-----------------------------
11:06:24.916    OS Version: Windows 6.1.7601 Service Pack 1
11:06:24.916    Number of processors: 2 586 0x170A
11:06:24.916    ComputerName: SARAH-PC  UserName: Sarah
11:06:49.907    Initialize success
11:06:58.316    AVAST engine defs: 12070200
11:07:03.900    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:07:03.900    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
11:07:03.916    Disk 0 MBR read successfully
11:07:03.916    Disk 0 MBR scan
11:07:03.932    Disk 0 Windows 7 default MBR code
11:07:03.947    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
11:07:03.963    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
11:07:03.978    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      144890 MB offset 31664128
11:07:04.010    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      144893 MB offset 328398848
11:07:04.010    Disk 0 scanning sectors +625139712
11:07:04.088    Disk 0 scanning C:\windows\system32\drivers
11:07:15.632    Service scanning
11:07:38.111    Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
11:07:44.180    Modules scanning
11:07:53.555    Disk 0 trace - called modules:
11:07:53.586    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sppe.sys halmacpi.dll >>UNKNOWN [0x855f6938]<<
11:07:53.586    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e0f848]
11:07:53.602    3 CLASSPNP.SYS[8c39d59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86346028]
11:07:54.694    AVAST engine scan C:\windows
11:07:57.440    AVAST engine scan C:\windows\system32
11:10:44.859    AVAST engine scan C:\windows\system32\drivers
11:11:00.194    AVAST engine scan C:\Users\Sarah
11:17:40.101    AVAST engine scan C:\ProgramData
11:22:07.969    Scan finished successfully
11:23:26.187    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
11:23:26.187    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR02.07.12.log"

And thanks once again!

Regards
Magnetiseur
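The check cosinus asks for above, a new aswMBR log after FIXMBR and restart, can be scripted. This added Python example is not part of the thread or of aswMBR; it parses constructed excerpts of the two aswMBR logs posted above and verifies that the boot code is now the Windows 7 default while the partition table is unchanged, treating the locked sptd.sys (the Duplex Secure / DAEMON Tools driver listed in the OSAM log) as expected rather than as a finding.

```python
"""Sanity-check an aswMBR FIXMBR run by diffing the log written before the fix
against the one written after it (constructed example, not part of aswMBR)."""
import re

# Constructed sample input: the relevant lines of the two aswMBR logs above,
# trimmed to what the parser below looks at.
LOG_BEFORE = r"""
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-18 12:47:37
12:49:38.706    Disk 0 unknown MBR code
12:49:38.706    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
12:49:38.737    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
12:49:38.753    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      144890 MB offset 31664128
12:49:38.784    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      144893 MB offset 328398848
12:50:07.753    Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
12:50:22.230    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spxg.sys halmacpi.dll >>UNKNOWN [0x855f6938]<<
13:02:20.814    Scan finished successfully
"""

LOG_AFTER = r"""
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 11:06:24
11:07:03.932    Disk 0 Windows 7 default MBR code
11:07:03.947    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
11:07:03.963    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
11:07:03.978    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      144890 MB offset 31664128
11:07:04.010    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      144893 MB offset 328398848
11:07:38.111    Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
11:07:53.586    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sppe.sys halmacpi.dll >>UNKNOWN [0x855f6938]<<
11:22:07.969    Scan finished successfully
"""

# Line shapes taken from the logs above; the leading token is the timestamp.
MBR_RE = re.compile(r"^\S+\s+Disk (\d+) (.+?) MBR code$")
PART_RE = re.compile(
    r"^\S+\s+Disk (\d+) Partition (\d+) (\S+)\s+(?:\(A\)\s+)?(\S+)\s+.+?\s+(\d+) MB offset (\d+)$")
LOCKED_RE = re.compile(r"^\S+\s+Service (\S+) (\S+) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def parse_aswmbr(text: str) -> dict:
    """Extract MBR code status, partition table, locked services and unknown
    modules in the disk call chain from one aswMBR log."""
    report = {"mbr": {}, "partitions": {}, "locked": [], "unknown": [], "finished": False}
    for line in text.splitlines():
        line = line.rstrip()
        if m := MBR_RE.match(line):
            report["mbr"][int(m[1])] = m[2]
        elif m := PART_RE.match(line):
            # (index, boot flag, type id, size in MB, offset in sectors)
            report["partitions"].setdefault(int(m[1]), []).append(
                (int(m[2]), m[3], m[4], int(m[5]), int(m[6])))
        elif m := LOCKED_RE.match(line):
            report["locked"].append((m[1], m[2]))
        elif m := UNKNOWN_RE.search(line):
            report["unknown"].append(m[1])
        elif line.endswith("Scan finished successfully"):
            report["finished"] = True
    return report


def assess_fixmbr(before: dict, after: dict, known_locked=frozenset()) -> dict:
    """Judge whether FIXMBR did what was intended and nothing more."""
    result = {
        # The boot code should now be the stock one ("Windows 7 default MBR code").
        "mbr_restored": {d: "default" in c.lower() for d, c in after["mbr"].items()},
        # FIXMBR rewrites only the boot code; partition entries must not change,
        # otherwise the fix touched more than it should have.
        "partition_table_unchanged": before["partitions"] == after["partitions"],
        # A locked driver is only a finding if it is not a known, expected one.
        "unexpected_locked": sorted({n for n, _ in after["locked"]} - set(known_locked)),
        # Modules the scanner could not attribute still deserve a manual look.
        "unknown_in_chain": list(after["unknown"]),
        "both_scans_finished": before["finished"] and after["finished"],
    }
    result["verdict_ok"] = (
        all(result["mbr_restored"].values())
        and result["partition_table_unchanged"]
        and not result["unexpected_locked"]
        and result["both_scans_finished"]
    )
    return result


if __name__ == "__main__":
    # sptd is the Duplex Secure / DAEMON Tools driver listed in the OSAM log above,
    # so a locked sptd.sys is expected on this machine rather than a finding.
    verdict = assess_fixmbr(parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER), {"sptd"})
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

Without the known_locked allowlist the same two logs fail the verdict on sptd alone, which is the triage decision the script makes explicit.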

cosinus 02.07.2012 13:30

Looks OK. We should be almost done. As a check, please do full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Magnetiseur 02.07.2012 17:32

Part 1 - Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

02.07.2012 17:29:51
mbam-log-2012-07-02 (18-29-34).log

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343326
Laufzeit: 47 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\_OTL\MovedFiles\06122012_075340\C_windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06122012_075340\C_windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06122012_075340\C_windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Should I remove the infected files?
And delete the ones in quarantine?

Thanks and regards,
Magnetiseur

so here is the SUPERAntiSpyware analysis - but I'll run it again, since I only discovered the thing about the scan check after the scan...

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/02/2012 at 07:22 PM

Application Version : 5.5.1006

Core Rules Database Version : 8829
Trace Rules Database Version: 6641

Scan type      : Complete Scan
Total Scan Time : 00:34:31

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 781
Memory threats detected  : 0
Registry items scanned    : 38253
Registry threats detected : 0
File items scanned        : 36876
File threats detected    : 206

Adware.Tracking Cookie
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adx.chip[1].txt [ /adx.chip ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\EM1CF0NH.txt [ /www.zanox-affiliate.de ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\O4QJ7UM2.txt [ /zanox-affiliate.de ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\ZGBXCD0L.txt [ /mediaplex.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\MWGRTTOP.txt [ /zanox.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\6WHO36EA.txt [ /fastclick.net ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\VWAS81NM.txt [ /adfarm1.adition.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\CPXQNVCZ.txt [ /imrworldwide.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\2Z9CJMX0.txt [ /apmebf.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\Z44F6O44.txt [ /dyntracker.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\UMDZ7A3F.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\RFNE60AL.txt [ /atdmt.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\68LL45J6.txt [ /adform.net ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\9RAJSZ15.txt [ /tracking.quisma.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\35I9ZFE7.txt [ /c.atdmt.com ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPNF0S2D.txt [ Cookie:sarah@mediaplex.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@content.yieldmanager[1].txt [ Cookie:sarah@content.yieldmanager.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\PCXPBGHO.txt [ Cookie:sarah@doubleclick.net/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@webmasterplan[2].txt [ Cookie:sarah@webmasterplan.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\SW51CH46.txt [ Cookie:sarah@banners.victor.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\J5M42J46.txt [ Cookie:sarah@apmebf.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@tracking.mlsat02[1].txt [ Cookie:sarah@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@bs.serving-sys[1].txt [ Cookie:sarah@bs.serving-sys.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@serving-sys[1].txt [ Cookie:sarah@serving-sys.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\BUHVLCXI.txt [ Cookie:sarah@ad.yieldmanager.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW09YIY4.txt [ Cookie:sarah@atdmt.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UPVARMP.txt [ Cookie:sarah@rambler.ru/ ]
        C:\USERS\SARAH\Cookies\EM1CF0NH.txt [ Cookie:sarah@www.zanox-affiliate.de/ ]
        C:\USERS\SARAH\Cookies\O4QJ7UM2.txt [ Cookie:sarah@zanox-affiliate.de/ ]
        C:\USERS\SARAH\Cookies\ZGBXCD0L.txt [ Cookie:sarah@mediaplex.com/ ]
        C:\USERS\SARAH\Cookies\MWGRTTOP.txt [ Cookie:sarah@zanox.com/ ]
        C:\USERS\SARAH\Cookies\VWAS81NM.txt [ Cookie:sarah@adfarm1.adition.com/ ]
        C:\USERS\SARAH\Cookies\CPXQNVCZ.txt [ Cookie:sarah@imrworldwide.com/cgi-bin ]
        C:\USERS\SARAH\Cookies\2Z9CJMX0.txt [ Cookie:sarah@apmebf.com/ ]
        C:\USERS\SARAH\Cookies\Z44F6O44.txt [ Cookie:sarah@dyntracker.com/ ]
        C:\USERS\SARAH\Cookies\UMDZ7A3F.txt [ Cookie:sarah@ad1.adfarm1.adition.com/ ]
        C:\USERS\SARAH\Cookies\RFNE60AL.txt [ Cookie:sarah@atdmt.com/ ]
        C:\USERS\SARAH\Cookies\68LL45J6.txt [ Cookie:sarah@adform.net/ ]
        C:\USERS\SARAH\Cookies\35I9ZFE7.txt [ Cookie:sarah@c.atdmt.com/ ]
        mediathek.daserste.de [ C:\USERS\SARAH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WKTPPLEB ]
        .e-2dj6wgkosiczokq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfk4qpcpebo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adsrv.admediate.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adsrv.admediate.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjlogmdzsaq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjmiqjd5cfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfkikpd5eeo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wmmywod5wlo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjloupajagq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdmyghdzglp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wgliknczsfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnmiwgdjgco.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .xm.xtendmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .adcentriconline.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .medialand.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .medialand.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .medialand.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .tns-counter.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        tracking.11880.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        tracking.11880.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfmiuod5mco.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .engine.goodadvert.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjkoegdzeho.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .moviepilot.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .moviepilot.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .creativdiscount.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnlyqkc5sgo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wbkowgdzshq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjlyqmczcbp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfkowjazcao.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.office-discount.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjkoshd5mfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdl4wpcjsbo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6aekikid5cfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjk4smdzehp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        count.cross-solution.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www6.addfreestats.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.office-discount.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www8.addfreestats.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6aekiukd5mao.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdl4kpajwfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnl4ulczeep.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfmioncpwap.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjlysmcjkkp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .traffichaus.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdlicndpelo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .moviepilot.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .moviepilot.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        dfb.stats.yum.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.ad-track.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .secmedia.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .c.gigcount.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        wstat.wibiya.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        tracking.gameforge.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        ads20.wwe-media.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        publishers.domainadvertising.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.track-visits.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .harrenmedianetwork.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wgkiejdjidp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        ads2.zeusclicks.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        tracking.sim-technik.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .gostats.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .velmedia.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .pokertracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .quartermedia.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .syndication.traffichaus.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .syndication.traffichaus.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .bizrate.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wakowld5klq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .tto2.traffictrack.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .banners.victor.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .azjmp.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        dc.tremormedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnlysnd5oco.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wgmyggczccp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .openstat.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .spylog.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        mediathek.daserste.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.ardmediathek.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]

and once again, this time run correctly:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/02/2012 at 08:57 PM

Application Version : 5.5.1006

Core Rules Database Version : 8830
Trace Rules Database Version: 6642

Scan type      : Complete Scan
Total Scan Time : 01:15:37

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 786
Memory threats detected  : 0
Registry items scanned    : 38253
Registry threats detected : 0
File items scanned        : 126806
File threats detected    : 208

Adware.Tracking Cookie
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adx.chip[1].txt [ /adx.chip ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\EM1CF0NH.txt [ /www.zanox-affiliate.de ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\O4QJ7UM2.txt [ /zanox-affiliate.de ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\ZGBXCD0L.txt [ /mediaplex.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\MWGRTTOP.txt [ /zanox.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\6WHO36EA.txt [ /fastclick.net ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\VWAS81NM.txt [ /adfarm1.adition.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\CPXQNVCZ.txt [ /imrworldwide.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\2Z9CJMX0.txt [ /apmebf.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\Z44F6O44.txt [ /dyntracker.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\UMDZ7A3F.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\RFNE60AL.txt [ /atdmt.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\68LL45J6.txt [ /adform.net ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\9RAJSZ15.txt [ /tracking.quisma.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\35I9ZFE7.txt [ /c.atdmt.com ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPNF0S2D.txt [ Cookie:sarah@mediaplex.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@content.yieldmanager[1].txt [ Cookie:sarah@content.yieldmanager.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\PCXPBGHO.txt [ Cookie:sarah@doubleclick.net/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@webmasterplan[2].txt [ Cookie:sarah@webmasterplan.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\SW51CH46.txt [ Cookie:sarah@banners.victor.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\J5M42J46.txt [ Cookie:sarah@apmebf.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@tracking.mlsat02[1].txt [ Cookie:sarah@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@bs.serving-sys[1].txt [ Cookie:sarah@bs.serving-sys.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@serving-sys[1].txt [ Cookie:sarah@serving-sys.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\BUHVLCXI.txt [ Cookie:sarah@ad.yieldmanager.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW09YIY4.txt [ Cookie:sarah@atdmt.com/ ]
        C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UPVARMP.txt [ Cookie:sarah@rambler.ru/ ]
        C:\USERS\SARAH\Cookies\EM1CF0NH.txt [ Cookie:sarah@www.zanox-affiliate.de/ ]
        C:\USERS\SARAH\Cookies\O4QJ7UM2.txt [ Cookie:sarah@zanox-affiliate.de/ ]
        C:\USERS\SARAH\Cookies\ZGBXCD0L.txt [ Cookie:sarah@mediaplex.com/ ]
        C:\USERS\SARAH\Cookies\MWGRTTOP.txt [ Cookie:sarah@zanox.com/ ]
        C:\USERS\SARAH\Cookies\VWAS81NM.txt [ Cookie:sarah@adfarm1.adition.com/ ]
        C:\USERS\SARAH\Cookies\CPXQNVCZ.txt [ Cookie:sarah@imrworldwide.com/cgi-bin ]
        C:\USERS\SARAH\Cookies\2Z9CJMX0.txt [ Cookie:sarah@apmebf.com/ ]
        C:\USERS\SARAH\Cookies\Z44F6O44.txt [ Cookie:sarah@dyntracker.com/ ]
        C:\USERS\SARAH\Cookies\UMDZ7A3F.txt [ Cookie:sarah@ad1.adfarm1.adition.com/ ]
        C:\USERS\SARAH\Cookies\RFNE60AL.txt [ Cookie:sarah@atdmt.com/ ]
        C:\USERS\SARAH\Cookies\68LL45J6.txt [ Cookie:sarah@adform.net/ ]
        C:\USERS\SARAH\Cookies\35I9ZFE7.txt [ Cookie:sarah@c.atdmt.com/ ]
        mediathek.daserste.de [ C:\USERS\SARAH\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WKTPPLEB ]
        C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@ADX.CHIP[2].TXT [ /ADX.CHIP ]
        .e-2dj6wgkosiczokq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfk4qpcpebo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adsrv.admediate.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        adsrv.admediate.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjlogmdzsaq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjmiqjd5cfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .nextag.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfkikpd5eeo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wmmywod5wlo.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjloupajagq.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdmyghdzglp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wgliknczsfp.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnmiwgdjgco.stats.esomniture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\COOKIES.SQLITE ]


cosinus 03.07.2012 11:19

Looks ok, only cookies were found. The other findings are harmless because they were found in OTL's Q.
Cookies are not malware in themselves, but there is a risk of abusive use (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system in order again now, or are there other findings or problems?

Magnetiseur 03.07.2012 14:59

Hello Arne,

first of all many heartfelt thanks for your help - otherwise I would have had no idea what to do! I'm happy to donate something! The PC and system seem to be working perfectly again.

I have one more question though - maybe there is a separate thread for this that I haven't found. Which of the programs (OTL, Antimalware, SUPERantispyware...) can or should I use to check possibly infected USB sticks? Or do I plug them in and do a full system check? And can I post the logs here or somewhere else?

Best regards,
Magnetiseur

And should I remove OTL's moved files that were found by Malwarebytes, or doesn't it matter?

cosinus 03.07.2012 15:50

Quote:

check infected USB sticks?
First of all shut down AutoPlay (Autorun) completely, after that you can go over them with Malwarebytes or a scanner.
Sticks infected with autorun worms also always have an autorun.inf file on them, directly in the root directory of the stick

Disable AutoPlay

Windows XP: To make it simpler I uploaded noautoplay.reg. Download it to the desktop, run the file and confirm with yes. After a reboot, AutoPlay (of media) is disabled on all drives, i.e. no CD, stick or anything else starts automatically after being inserted any more.

Windows Vista/7: In Control Panel, under AutoPlay of CDs and other media, disable everything. => see also Change AutoPlay settings



Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many tools:

Please start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security you should also change all passwords, if at all possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:
Check => http://www.adobe.com/software/flash/about/
Download links => http://www.adobe.com/products/flashp...ribution3.html

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
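The autorun.inf check from the post above, as an added example that is not cosinus's or the forum's code: it parses a stick's autorun.inf without executing anything and reports what the file would launch and whether that file is actually present on the stick. The sample stick it builds in a temporary directory is constructed for the demo, and the function names are my own.

```python
"""Triage helper: a stick infected by an autorun worm carries an autorun.inf
directly in its root directory. Parse such a file and report what it would
launch, without running anything. Added example; the sample is constructed."""
import os
import tempfile

# [autorun] keys that make Explorer start a program when the stick is inserted
# or opened; keys of the form shell\<verb>\command do the same via the menu.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for launch-relevant entries of an autorun.inf.
    Hand-rolled rather than configparser: worm-written files often contain
    junk filler lines, odd casing and a BOM, all of which are tolerated here."""
    found = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # filler line, or a key outside the [autorun] section
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found[key] = value.strip()
    return found


def triage_stick(root):
    """Look for autorun.inf in the root of a mounted stick.
    Returns (has_autorun_inf, findings); each finding is (key, target, exists),
    where exists says whether the launched file is really present on the stick."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return False, []
    # utf-8-sig strips a BOM; errors="replace" copes with plain ANSI files too
    with open(inf, encoding="utf-8-sig", errors="replace") as f:
        entries = parse_autorun(f.read())
    findings = []
    for key, value in entries.items():
        parts = value.split()
        target = parts[0].strip('"') if parts else value  # drop arguments
        rel = target.replace("\\", os.sep).lstrip(os.sep)
        findings.append((key, target, os.path.exists(os.path.join(root, rel))))
    return True, findings


# Constructed sample modelled on the structure of such files (no real malware):
# BOM, mixed-case section header, a comment, a filler line, and two launch keys.
SAMPLE_AUTORUN = ("\ufeff[AutoRun]\n;comment\nopen=setup.exe /s\nQXZ filler\n"
                  "icon=setup.exe,0\nshell\\open\\command=setup.exe\n")


def build_sample_stick(infected=True):
    """Create a temporary directory that mimics the root of a USB stick."""
    root = tempfile.mkdtemp(prefix="stick_")
    if infected:
        with open(os.path.join(root, "setup.exe"), "wb") as f:
            f.write(b"placeholder bytes, not a program")
        with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as f:
            f.write(SAMPLE_AUTORUN)
    return root
```

Running `triage_stick()` on the constructed stick reports both launch keys pointing at `setup.exe` and that the file exists; on a clean stick it returns `(False, [])`.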

Magnetiseur 03.07.2012 18:54

Hello Arne,
Many, many thanks!!! :) :)
I really do believe everything is fine now.

Thanks for the security tips; I already installed Secunia PSI on all computers in my shared flat a few weeks ago while browsing your Trojaner-Board for PREVENTIVE security tips :)

(Constructive suggestion to finish: you could point to these tips the same way you point to the donation account or to NO HELP VIA PM)

The donation I can afford is on its way.

Kind regards,
Magnetiseur

cosinus 04.07.2012 16:49

The signature is limited to a certain number of characters
You simply can't cram everything possible into the signature


Copyright ©2000-2024, Trojaner-Board

