Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU/ BKA Trojaner (https://www.trojaner-board.de/118565-gvu-bka-trojaner.html)

andra45 14.07.2012 16:28

Hallo Arne,
nichts gefunden sieht wohl gut aus

Code:

17:21:23.0767 1308        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
17:21:23.0861 1308        ============================================================
17:21:23.0861 1308        Current date / time: 2012/07/14 17:21:23.0861
17:21:23.0861 1308        SystemInfo:
17:21:23.0861 1308       
17:21:23.0861 1308        OS Version: 6.0.6002 ServicePack: 2.0
17:21:23.0861 1308        Product type: Workstation
17:21:23.0861 1308        ComputerName: ***-PC
17:21:23.0861 1308        UserName: ***
17:21:23.0861 1308        Windows directory: C:\Windows
17:21:23.0861 1308        System windows directory: C:\Windows
17:21:23.0861 1308        Processor architecture: Intel x86
17:21:23.0861 1308        Number of processors: 2
17:21:23.0861 1308        Page size: 0x1000
17:21:23.0861 1308        Boot type: Normal boot
17:21:23.0861 1308        ============================================================
17:21:25.0093 1308        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:21:25.0202 1308        ============================================================
17:21:25.0202 1308        \Device\Harddisk0\DR0:
17:21:25.0202 1308        MBR partitions:
17:21:25.0202 1308        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000
17:21:25.0202 1308        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x249F0000
17:21:25.0202 1308        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675800
17:21:25.0202 1308        ============================================================
17:21:25.0233 1308        C: <-> \Device\Harddisk0\DR0\Partition0
17:21:25.0265 1308        D: <-> \Device\Harddisk0\DR0\Partition1
17:21:25.0311 1308        E: <-> \Device\Harddisk0\DR0\Partition2
17:21:25.0311 1308        ============================================================
17:21:25.0311 1308        Initialize success
17:21:25.0311 1308        ============================================================
17:23:12.0044 0480        ============================================================
17:23:12.0044 0480        Scan started
17:23:12.0044 0480        Mode: Manual; SigCheck; TDLFS;
17:23:12.0044 0480        ============================================================
17:23:12.0949 0480        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:23:13.0027 0480        ACPI - ok
17:23:13.0105 0480        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:23:13.0121 0480        AdobeARMservice - ok
17:23:13.0183 0480        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:23:13.0199 0480        AdobeFlashPlayerUpdateSvc - ok
17:23:13.0261 0480        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:23:13.0277 0480        adp94xx - ok
17:23:13.0324 0480        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:23:13.0339 0480        adpahci - ok
17:23:13.0355 0480        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:23:13.0355 0480        adpu160m - ok
17:23:13.0370 0480        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:23:13.0386 0480        adpu320 - ok
17:23:13.0402 0480        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:23:13.0480 0480        AeLookupSvc - ok
17:23:13.0511 0480        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:23:13.0558 0480        AFD - ok
17:23:13.0589 0480        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:23:13.0589 0480        agp440 - ok
17:23:13.0620 0480        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:23:13.0620 0480        aic78xx - ok
17:23:13.0636 0480        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:23:13.0714 0480        ALG - ok
17:23:13.0729 0480        aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
17:23:13.0745 0480        aliide - ok
17:23:13.0745 0480        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:23:13.0760 0480        amdagp - ok
17:23:13.0760 0480        amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
17:23:13.0776 0480        amdide - ok
17:23:13.0792 0480        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:23:13.0885 0480        AmdK7 - ok
17:23:13.0916 0480        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:23:13.0948 0480        AmdK8 - ok
17:23:13.0979 0480        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:23:14.0010 0480        Appinfo - ok
17:23:14.0057 0480        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:23:14.0072 0480        Apple Mobile Device - ok
17:23:14.0088 0480        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:23:14.0104 0480        arc - ok
17:23:14.0104 0480        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:23:14.0119 0480        arcsas - ok
17:23:14.0135 0480        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:23:14.0182 0480        AsyncMac - ok
17:23:14.0197 0480        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:23:14.0197 0480        atapi - ok
17:23:14.0228 0480        AtiPcie        (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:23:14.0228 0480        AtiPcie - ok
17:23:14.0275 0480        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:23:14.0306 0480        AudioEndpointBuilder - ok
17:23:14.0322 0480        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:23:14.0338 0480        Audiosrv - ok
17:23:14.0353 0480        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:23:14.0384 0480        Beep - ok
17:23:14.0416 0480        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:23:14.0447 0480        BFE - ok
17:23:14.0509 0480        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:23:14.0587 0480        BITS - ok
17:23:14.0603 0480        blbdrive - ok
17:23:14.0650 0480        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:23:14.0681 0480        Bonjour Service - ok
17:23:14.0696 0480        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:23:14.0728 0480        bowser - ok
17:23:14.0743 0480        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:23:14.0774 0480        BrFiltLo - ok
17:23:14.0774 0480        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:23:14.0806 0480        BrFiltUp - ok
17:23:14.0837 0480        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:23:14.0884 0480        Browser - ok
17:23:14.0884 0480        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:23:14.0946 0480        Brserid - ok
17:23:14.0962 0480        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:23:15.0008 0480        BrSerWdm - ok
17:23:15.0024 0480        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:23:15.0086 0480        BrUsbMdm - ok
17:23:15.0118 0480        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:23:15.0164 0480        BrUsbSer - ok
17:23:15.0180 0480        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:23:15.0227 0480        BTHMODEM - ok
17:23:15.0258 0480        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:23:15.0274 0480        cdfs - ok
17:23:15.0289 0480        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:23:15.0336 0480        cdrom - ok
17:23:15.0352 0480        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:23:15.0383 0480        CertPropSvc - ok
17:23:15.0398 0480        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:23:15.0445 0480        circlass - ok
17:23:15.0461 0480        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:23:15.0476 0480        CLFS - ok
17:23:15.0523 0480        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:23:15.0539 0480        clr_optimization_v2.0.50727_32 - ok
17:23:15.0570 0480        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:23:15.0570 0480        clr_optimization_v4.0.30319_32 - ok
17:23:15.0586 0480        cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
17:23:15.0601 0480        cmdide - ok
17:23:15.0617 0480        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:23:15.0617 0480        Compbatt - ok
17:23:15.0617 0480        COMSysApp - ok
17:23:15.0632 0480        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:23:15.0632 0480        crcdisk - ok
17:23:15.0648 0480        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:23:15.0695 0480        Crusoe - ok
17:23:15.0742 0480        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:23:15.0757 0480        CryptSvc - ok
17:23:15.0804 0480        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:23:15.0851 0480        DcomLaunch - ok
17:23:15.0866 0480        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:23:15.0898 0480        DfsC - ok
17:23:15.0991 0480        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:23:16.0147 0480        DFSR - ok
17:23:16.0225 0480        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:23:16.0241 0480        Dhcp - ok
17:23:16.0272 0480        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:23:16.0288 0480        disk - ok
17:23:16.0319 0480        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:23:16.0350 0480        Dnscache - ok
17:23:16.0381 0480        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:23:16.0397 0480        dot3svc - ok
17:23:16.0412 0480        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:23:16.0444 0480        Dot4 - ok
17:23:16.0459 0480        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:23:16.0490 0480        Dot4Print - ok
17:23:16.0490 0480        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:23:16.0522 0480        dot4usb - ok
17:23:16.0553 0480        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:23:16.0568 0480        DPS - ok
17:23:16.0584 0480        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:23:16.0615 0480        drmkaud - ok
17:23:16.0662 0480        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:23:16.0693 0480        DXGKrnl - ok
17:23:16.0724 0480        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:23:16.0771 0480        E1G60 - ok
17:23:16.0802 0480        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:23:16.0818 0480        EapHost - ok
17:23:16.0849 0480        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:23:16.0865 0480        Ecache - ok
17:23:16.0896 0480        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:23:16.0943 0480        ehRecvr - ok
17:23:16.0958 0480        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:23:16.0990 0480        ehSched - ok
17:23:17.0005 0480        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:23:17.0021 0480        ehstart - ok
17:23:17.0036 0480        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:23:17.0052 0480        elxstor - ok
17:23:17.0099 0480        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:23:17.0161 0480        EMDMgmt - ok
17:23:17.0177 0480        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:23:17.0208 0480        EventSystem - ok
17:23:17.0224 0480        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:23:17.0270 0480        exfat - ok
17:23:17.0286 0480        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:23:17.0317 0480        fastfat - ok
17:23:17.0333 0480        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:23:17.0380 0480        fdc - ok
17:23:17.0380 0480        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:23:17.0395 0480        fdPHost - ok
17:23:17.0411 0480        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:23:17.0458 0480        FDResPub - ok
17:23:17.0473 0480        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:23:17.0489 0480        FileInfo - ok
17:23:17.0489 0480        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:23:17.0520 0480        Filetrace - ok
17:23:17.0536 0480        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:23:17.0582 0480        flpydisk - ok
17:23:17.0598 0480        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:23:17.0614 0480        FltMgr - ok
17:23:17.0692 0480        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:23:17.0754 0480        FontCache - ok
17:23:17.0816 0480        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:23:17.0816 0480        FontCache3.0.0.0 - ok
17:23:17.0832 0480        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:23:17.0863 0480        Fs_Rec - ok
17:23:17.0879 0480        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:23:17.0894 0480        gagp30kx - ok
17:23:17.0910 0480        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:23:17.0910 0480        GEARAspiWDM - ok
17:23:17.0957 0480        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:23:18.0035 0480        gpsvc - ok
17:23:18.0066 0480        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:23:18.0113 0480        HdAudAddService - ok
17:23:18.0160 0480        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:23:18.0238 0480        HDAudBus - ok
17:23:18.0269 0480        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:23:18.0300 0480        HidBth - ok
17:23:18.0316 0480        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:23:18.0362 0480        HidIr - ok
17:23:18.0378 0480        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:23:18.0409 0480        hidserv - ok
17:23:18.0425 0480        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:23:18.0456 0480        HidUsb - ok
17:23:18.0472 0480        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:23:18.0503 0480        hkmsvc - ok
17:23:18.0503 0480        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:23:18.0518 0480        HpCISSs - ok
17:23:18.0550 0480        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:23:18.0628 0480        HTTP - ok
17:23:18.0643 0480        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:23:18.0643 0480        i2omp - ok
17:23:18.0690 0480        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:23:18.0706 0480        i8042prt - ok
17:23:18.0721 0480        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:23:18.0737 0480        iaStorV - ok
17:23:18.0846 0480        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:23:18.0908 0480        idsvc - ok
17:23:18.0955 0480        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:23:18.0971 0480        iirsp - ok
17:23:19.0002 0480        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:23:19.0033 0480        IKEEXT - ok
17:23:19.0142 0480        IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
17:23:19.0205 0480        IntcAzAudAddService - ok
17:23:19.0298 0480        intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
17:23:19.0298 0480        intelide - ok
17:23:19.0330 0480        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:23:19.0361 0480        intelppm - ok
17:23:19.0392 0480        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:23:19.0408 0480        IPBusEnum - ok
17:23:19.0439 0480        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:23:19.0454 0480        IpFilterDriver - ok
17:23:19.0486 0480        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:23:19.0501 0480        iphlpsvc - ok
17:23:19.0501 0480        IpInIp - ok
17:23:19.0517 0480        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:23:19.0579 0480        IPMIDRV - ok
17:23:19.0595 0480        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:23:19.0626 0480        IPNAT - ok
17:23:19.0688 0480        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:23:19.0751 0480        iPod Service - ok
17:23:19.0798 0480        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:23:19.0829 0480        IRENUM - ok
17:23:19.0844 0480        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:23:19.0860 0480        isapnp - ok
17:23:19.0891 0480        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:23:19.0891 0480        iScsiPrt - ok
17:23:19.0907 0480        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:23:19.0907 0480        iteatapi - ok
17:23:19.0922 0480        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:23:19.0938 0480        iteraid - ok
17:23:19.0954 0480        JRAID          (222e263cc06e47bda386fe19b88e8583) C:\Windows\system32\drivers\jraid.sys
17:23:19.0985 0480        JRAID - ok
17:23:20.0016 0480        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:23:20.0016 0480        kbdclass - ok
17:23:20.0047 0480        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:23:20.0063 0480        kbdhid - ok
17:23:20.0094 0480        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:23:20.0110 0480        KeyIso - ok
17:23:20.0156 0480        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
17:23:20.0172 0480        KSecDD - ok
17:23:20.0219 0480        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:23:20.0250 0480        KtmRm - ok
17:23:20.0266 0480        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:23:20.0297 0480        LanmanServer - ok
17:23:20.0328 0480        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:23:20.0359 0480        LanmanWorkstation - ok
17:23:20.0390 0480        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:23:20.0406 0480        lltdio - ok
17:23:20.0453 0480        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:23:20.0468 0480        lltdsvc - ok
17:23:20.0484 0480        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:23:20.0531 0480        lmhosts - ok
17:23:20.0562 0480        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:23:20.0562 0480        LSI_FC - ok
17:23:20.0578 0480        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:23:20.0578 0480        LSI_SAS - ok
17:23:20.0609 0480        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:23:20.0609 0480        LSI_SCSI - ok
17:23:20.0624 0480        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:23:20.0656 0480        luafv - ok
17:23:20.0687 0480        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:23:20.0702 0480        Mcx2Svc - ok
17:23:20.0718 0480        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:23:20.0734 0480        megasas - ok
17:23:20.0749 0480        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:23:20.0780 0480        MMCSS - ok
17:23:20.0812 0480        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:23:20.0843 0480        Modem - ok
17:23:20.0858 0480        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:23:20.0874 0480        monitor - ok
17:23:20.0890 0480        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:23:20.0905 0480        mouclass - ok
17:23:20.0921 0480        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:23:20.0936 0480        mouhid - ok
17:23:20.0952 0480        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:23:20.0952 0480        MountMgr - ok
17:23:20.0999 0480        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:23:20.0999 0480        MozillaMaintenance - ok
17:23:21.0046 0480        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
17:23:21.0061 0480        MpFilter - ok
17:23:21.0092 0480        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:23:21.0108 0480        mpio - ok
17:23:21.0124 0480        MpKsld96b4d87  (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00D3692-DA15-4DDD-9475-3A468B56A98F}\MpKsld96b4d87.sys
17:23:21.0139 0480        MpKsld96b4d87 - ok
17:23:21.0155 0480        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:23:21.0186 0480        mpsdrv - ok
17:23:21.0217 0480        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:23:21.0264 0480        MpsSvc - ok
17:23:21.0264 0480        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:23:21.0280 0480        Mraid35x - ok
17:23:21.0295 0480        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:23:21.0311 0480        MRxDAV - ok
17:23:21.0326 0480        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:23:21.0358 0480        mrxsmb - ok
17:23:21.0389 0480        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:23:21.0404 0480        mrxsmb10 - ok
17:23:21.0420 0480        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:23:21.0436 0480        mrxsmb20 - ok
17:23:21.0451 0480        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
17:23:21.0482 0480        msahci - ok
17:23:21.0498 0480        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:23:21.0514 0480        msdsm - ok
17:23:21.0545 0480        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:23:21.0576 0480        MSDTC - ok
17:23:21.0592 0480        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:23:21.0623 0480        Msfs - ok
17:23:21.0638 0480        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:23:21.0638 0480        msisadrv - ok
17:23:21.0670 0480        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:23:21.0685 0480        MSiSCSI - ok
17:23:21.0701 0480        msiserver - ok
17:23:21.0716 0480        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:23:21.0748 0480        MSKSSRV - ok
17:23:21.0779 0480        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:23:21.0794 0480        MsMpSvc - ok
17:23:21.0826 0480        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:23:21.0841 0480        MSPCLOCK - ok
17:23:21.0857 0480        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:23:21.0872 0480        MSPQM - ok
17:23:21.0888 0480        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:23:21.0904 0480        MsRPC - ok
17:23:21.0919 0480        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:23:21.0935 0480        mssmbios - ok
17:23:21.0935 0480        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:23:21.0966 0480        MSTEE - ok
17:23:21.0982 0480        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:23:21.0997 0480        Mup - ok
17:23:22.0013 0480        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:23:22.0044 0480        napagent - ok
17:23:22.0075 0480        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:23:22.0106 0480        NativeWifiP - ok
17:23:22.0138 0480        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:23:22.0169 0480        NDIS - ok
17:23:22.0200 0480        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:23:22.0216 0480        NdisTapi - ok
17:23:22.0231 0480        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:23:22.0247 0480        Ndisuio - ok
17:23:22.0278 0480        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:23:22.0294 0480        NdisWan - ok
17:23:22.0325 0480        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:23:22.0340 0480        NDProxy - ok
17:23:22.0356 0480        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:23:22.0387 0480        NetBIOS - ok
17:23:22.0418 0480        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:23:22.0434 0480        netbt - ok
17:23:22.0450 0480        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:23:22.0465 0480        Netlogon - ok
17:23:22.0496 0480        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:23:22.0528 0480        Netman - ok
17:23:22.0543 0480        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:23:22.0574 0480        netprofm - ok
17:23:22.0637 0480        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:23:22.0637 0480        NetTcpPortSharing - ok
17:23:22.0668 0480        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:23:22.0668 0480        nfrd960 - ok
17:23:22.0699 0480        NgFilter        (41e8a98c7dfb2f25942347f1fc9fbb04) C:\Windows\system32\DRIVERS\ngfilter.sys
17:23:22.0902 0480        NgFilter - ok
17:23:22.0933 0480        NgLog          (3a42e4d433809346bf192093580eb702) C:\Windows\system32\DRIVERS\nglog.sys
17:23:22.0949 0480        NgLog - ok
17:23:22.0964 0480        NgVpn          (b8189d438e4a3d6c92aafae87b9fe516) C:\Windows\system32\DRIVERS\ngvpn.sys
17:23:22.0964 0480        NgVpn - ok
17:23:22.0996 0480        NgVpnMgr        (99207440306bf046f6ebc6483ef0b423) C:\Windows\system32\ngvpnmgr.exe
17:23:22.0996 0480        NgVpnMgr - ok
17:23:23.0011 0480        NgWfp          (fe2c3b7fba0f55a1aa8d0628a952eec5) C:\Windows\system32\DRIVERS\ngwfp.sys
17:23:23.0011 0480        NgWfp - ok
17:23:23.0042 0480        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:23:23.0058 0480        NisDrv - ok
17:23:23.0105 0480        NisSrv          (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
17:23:23.0120 0480        NisSrv - ok
17:23:23.0152 0480        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:23:23.0183 0480        NlaSvc - ok
17:23:23.0261 0480        NMIndexingService (7b273501c59d52978b761f82bebadb06) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:23:23.0276 0480        NMIndexingService - ok
17:23:23.0292 0480        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:23:23.0308 0480        Npfs - ok
17:23:23.0323 0480        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:23:23.0354 0480        nsi - ok
17:23:23.0370 0480        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:23:23.0386 0480        nsiproxy - ok
17:23:23.0432 0480        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:23:23.0510 0480        Ntfs - ok
17:23:23.0542 0480        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:23:23.0588 0480        ntrigdigi - ok
17:23:23.0604 0480        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:23:23.0635 0480        Null - ok
17:23:23.0963 0480        nvlddmkm        (6ef47521dce982602a25afb41dd13d4f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:23:24.0602 0480        nvlddmkm - ok
17:23:24.0774 0480        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
17:23:24.0836 0480        nvraid - ok
17:23:24.0836 0480        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
17:23:24.0868 0480        nvstor - ok
17:23:24.0914 0480        NVSvc          (725754030d809ed7f802399ac5b0ad3d) C:\Windows\system32\nvvsvc.exe
17:23:25.0008 0480        NVSvc - ok
17:23:25.0039 0480        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:23:25.0055 0480        nv_agp - ok
17:23:25.0055 0480        NwlnkFlt - ok
17:23:25.0070 0480        NwlnkFwd - ok
17:23:25.0117 0480        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:23:25.0148 0480        ohci1394 - ok
17:23:25.0195 0480        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:23:25.0195 0480        ose - ok
17:23:25.0242 0480        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:23:25.0320 0480        p2pimsvc - ok
17:23:25.0320 0480        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:23:25.0382 0480        p2psvc - ok
17:23:25.0429 0480        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:23:25.0460 0480        Parport - ok
17:23:25.0507 0480        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
17:23:25.0523 0480        partmgr - ok
17:23:25.0523 0480        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:23:25.0570 0480        Parvdm - ok
17:23:25.0585 0480        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:23:25.0616 0480        PcaSvc - ok
17:23:25.0648 0480        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:23:25.0648 0480        pci - ok
17:23:25.0663 0480        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:23:25.0679 0480        pciide - ok
17:23:25.0694 0480        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:23:25.0710 0480        pcmcia - ok
17:23:25.0726 0480        PDNMp50        (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\drivers\PDNMp50.sys
17:23:25.0726 0480        PDNMp50 - ok
17:23:25.0757 0480        PDNSp50        (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\drivers\PDNSp50.sys
17:23:25.0772 0480        PDNSp50 - ok
17:23:25.0819 0480        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:23:25.0944 0480        PEAUTH - ok
17:23:26.0022 0480        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:23:26.0147 0480        pla - ok
17:23:26.0256 0480        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:23:26.0272 0480        PlugPlay - ok
17:23:26.0350 0480        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:23:26.0381 0480        PNRPAutoReg - ok
17:23:26.0381 0480        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:23:26.0412 0480        PNRPsvc - ok
17:23:26.0443 0480        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:23:26.0506 0480        PolicyAgent - ok
17:23:26.0521 0480        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:23:26.0552 0480        PptpMiniport - ok
17:23:26.0584 0480        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:23:26.0630 0480        Processor - ok
17:23:26.0646 0480        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:23:26.0662 0480        ProfSvc - ok
17:23:26.0693 0480        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:23:26.0708 0480        ProtectedStorage - ok
17:23:26.0724 0480        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:23:26.0740 0480        PSched - ok
17:23:26.0802 0480        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:23:26.0833 0480        ql2300 - ok
17:23:26.0849 0480        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:23:26.0864 0480        ql40xx - ok
17:23:26.0880 0480        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:23:26.0911 0480        QWAVE - ok
17:23:26.0911 0480        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:23:26.0942 0480        QWAVEdrv - ok
17:23:26.0958 0480        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:23:26.0989 0480        RasAcd - ok
17:23:27.0005 0480        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:23:27.0036 0480        RasAuto - ok
17:23:27.0052 0480        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:23:27.0083 0480        Rasl2tp - ok
17:23:27.0114 0480        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:23:27.0130 0480        RasMan - ok
17:23:27.0161 0480        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:23:27.0176 0480        RasPppoe - ok
17:23:27.0192 0480        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:23:27.0208 0480        RasSstp - ok
17:23:27.0239 0480        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:23:27.0254 0480        rdbss - ok
17:23:27.0270 0480        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:23:27.0301 0480        RDPCDD - ok
17:23:27.0332 0480        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:23:27.0379 0480        rdpdr - ok
17:23:27.0395 0480        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:23:27.0410 0480        RDPENCDD - ok
17:23:27.0457 0480        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
17:23:27.0488 0480        RDPWD - ok
17:23:27.0520 0480        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:23:27.0551 0480        RemoteAccess - ok
17:23:27.0566 0480        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:23:27.0582 0480        RemoteRegistry - ok
17:23:27.0598 0480        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:23:27.0629 0480        RpcLocator - ok
17:23:27.0660 0480        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:23:27.0707 0480        RpcSs - ok
17:23:27.0707 0480        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:23:27.0738 0480        rspndr - ok
17:23:27.0769 0480        RTL8169        (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:23:27.0785 0480        RTL8169 - ok
17:23:27.0800 0480        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:23:27.0816 0480        SamSs - ok
17:23:27.0847 0480        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:23:27.0863 0480        sbp2port - ok
17:23:27.0894 0480        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:23:27.0956 0480        SCardSvr - ok
17:23:28.0175 0480        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:23:28.0237 0480        Schedule - ok
17:23:28.0253 0480        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:23:28.0284 0480        SCPolicySvc - ok
17:23:28.0315 0480        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:23:28.0331 0480        SDRSVC - ok
17:23:28.0346 0480        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:23:28.0393 0480        secdrv - ok
17:23:28.0424 0480        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:23:28.0440 0480        seclogon - ok
17:23:28.0471 0480        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:23:28.0518 0480        SENS - ok
17:23:28.0705 0480        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:23:28.0736 0480        Serenum - ok
17:23:28.0752 0480        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:23:28.0783 0480        Serial - ok
17:23:28.0799 0480        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:23:28.0814 0480        sermouse - ok
17:23:28.0877 0480        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:23:28.0892 0480        SessionEnv - ok
17:23:28.0924 0480        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:23:28.0970 0480        sffdisk - ok
17:23:29.0017 0480        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:23:29.0064 0480        sffp_mmc - ok
17:23:29.0080 0480        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:23:29.0111 0480        sffp_sd - ok
17:23:29.0142 0480        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:23:29.0189 0480        sfloppy - ok
17:23:29.0236 0480        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:23:29.0251 0480        SharedAccess - ok
17:23:29.0314 0480        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:23:29.0360 0480        ShellHWDetection - ok
17:23:29.0376 0480        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:23:29.0392 0480        sisagp - ok
17:23:29.0438 0480        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:23:29.0438 0480        SiSRaid2 - ok
17:23:29.0454 0480        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:23:29.0470 0480        SiSRaid4 - ok
17:23:29.0657 0480        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:23:29.0844 0480        slsvc - ok
17:23:29.0969 0480        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:23:30.0000 0480        SLUINotify - ok
17:23:30.0031 0480        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:23:30.0047 0480        Smb - ok
17:23:30.0094 0480        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:23:30.0094 0480        SNMPTRAP - ok
17:23:30.0109 0480        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:23:30.0125 0480        spldr - ok
17:23:30.0156 0480        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:23:30.0187 0480        Spooler - ok
17:23:30.0218 0480        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:23:30.0265 0480        srv - ok
17:23:30.0281 0480        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:23:30.0312 0480        srv2 - ok
17:23:30.0328 0480        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:23:30.0343 0480        srvnet - ok
17:23:30.0359 0480        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:23:30.0374 0480        SSDPSRV - ok
17:23:30.0390 0480        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:23:30.0421 0480        SstpSvc - ok
17:23:30.0468 0480        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:23:30.0530 0480        stisvc - ok
17:23:30.0546 0480        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:23:30.0562 0480        swenum - ok
17:23:30.0593 0480        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:23:30.0624 0480        swprv - ok
17:23:30.0655 0480        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:23:30.0671 0480        Symc8xx - ok
17:23:30.0686 0480        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:23:30.0686 0480        Sym_hi - ok
17:23:30.0702 0480        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:23:30.0702 0480        Sym_u3 - ok
17:23:30.0749 0480        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:23:30.0796 0480        SysMain - ok
17:23:30.0811 0480        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:23:30.0842 0480        TabletInputService - ok
17:23:30.0874 0480        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:23:30.0905 0480        TapiSrv - ok
17:23:30.0936 0480        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:23:30.0967 0480        TBS - ok
17:23:31.0061 0480        Tcpip          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
17:23:31.0108 0480        Tcpip - ok
17:23:31.0123 0480        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
17:23:31.0201 0480        Tcpip6 - ok
17:23:31.0248 0480        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:23:31.0264 0480        tcpipreg - ok
17:23:31.0279 0480        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:23:31.0295 0480        TDPIPE - ok
17:23:31.0326 0480        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:23:31.0342 0480        TDTCP - ok
17:23:31.0357 0480        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:23:31.0388 0480        tdx - ok
17:23:31.0404 0480        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:23:31.0420 0480        TermDD - ok
17:23:31.0451 0480        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:23:31.0513 0480        TermService - ok
17:23:31.0544 0480        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:23:31.0560 0480        Themes - ok
17:23:31.0591 0480        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:23:31.0607 0480        THREADORDER - ok
17:23:31.0654 0480        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:23:31.0685 0480        TrkWks - ok
17:23:31.0716 0480        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:23:31.0732 0480        TrustedInstaller - ok
17:23:31.0747 0480        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:31.0763 0480        tssecsrv - ok
17:23:31.0794 0480        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:23:31.0810 0480        tunmp - ok
17:23:31.0825 0480        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:23:31.0841 0480        tunnel - ok
17:23:31.0856 0480        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:23:31.0872 0480        uagp35 - ok
17:23:31.0903 0480        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:23:31.0919 0480        udfs - ok
17:23:31.0950 0480        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:23:31.0966 0480        UI0Detect - ok
17:23:31.0997 0480        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:23:31.0997 0480        uliagpkx - ok
17:23:32.0012 0480        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:23:32.0028 0480        uliahci - ok
17:23:32.0044 0480        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:23:32.0059 0480        UlSata - ok
17:23:32.0075 0480        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:23:32.0090 0480        ulsata2 - ok
17:23:32.0106 0480        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:23:32.0122 0480        umbus - ok
17:23:32.0153 0480        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:23:32.0184 0480        upnphost - ok
17:23:32.0215 0480        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
17:23:32.0231 0480        USBAAPL - ok
17:23:32.0246 0480        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:32.0278 0480        usbccgp - ok
17:23:32.0293 0480        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:23:32.0324 0480        usbcir - ok
17:23:32.0340 0480        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:23:32.0356 0480        usbehci - ok
17:23:32.0371 0480        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:23:32.0402 0480        usbhub - ok
17:23:32.0402 0480        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:23:32.0434 0480        usbohci - ok
17:23:32.0449 0480        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:23:32.0465 0480        usbprint - ok
17:23:32.0512 0480        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:23:32.0543 0480        usbscan - ok
17:23:32.0543 0480        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:23:32.0574 0480        USBSTOR - ok
17:23:32.0590 0480        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:23:32.0621 0480        usbuhci - ok
17:23:32.0636 0480        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:23:32.0652 0480        UxSms - ok
17:23:32.0683 0480        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:23:32.0714 0480        vds - ok
17:23:32.0714 0480        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:32.0761 0480        vga - ok
17:23:32.0777 0480        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:23:32.0808 0480        VgaSave - ok
17:23:32.0824 0480        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:23:32.0839 0480        viaagp - ok
17:23:32.0855 0480        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:23:32.0886 0480        ViaC7 - ok
17:23:32.0917 0480        viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
17:23:32.0917 0480        viaide - ok
17:23:32.0933 0480        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:23:32.0948 0480        volmgr - ok
17:23:32.0980 0480        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:23:32.0995 0480        volmgrx - ok
17:23:33.0011 0480        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:23:33.0026 0480        volsnap - ok
17:23:33.0058 0480        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:23:33.0058 0480        vsmraid - ok
17:23:33.0104 0480        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:23:33.0245 0480        VSS - ok
17:23:33.0260 0480        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:23:33.0292 0480        W32Time - ok
17:23:33.0323 0480        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:23:33.0370 0480        WacomPen - ok
17:23:33.0385 0480        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:33.0401 0480        Wanarp - ok
17:23:33.0416 0480        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:33.0432 0480        Wanarpv6 - ok
17:23:33.0463 0480        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:23:33.0510 0480        wcncsvc - ok
17:23:33.0526 0480        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:23:33.0557 0480        WcsPlugInService - ok
17:23:33.0572 0480        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:23:33.0588 0480        Wd - ok
17:23:33.0619 0480        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:23:33.0635 0480        Wdf01000 - ok
17:23:33.0666 0480        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:23:33.0697 0480        WdiServiceHost - ok
17:23:33.0697 0480        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:23:33.0728 0480        WdiSystemHost - ok
17:23:33.0760 0480        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:23:33.0775 0480        WebClient - ok
17:23:33.0806 0480        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:23:33.0838 0480        Wecsvc - ok
17:23:33.0853 0480        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:23:33.0869 0480        wercplsupport - ok
17:23:33.0884 0480        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:23:33.0900 0480        WerSvc - ok
17:23:33.0962 0480        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:23:33.0978 0480        WinDefend - ok
17:23:33.0994 0480        WinHttpAutoProxySvc - ok
17:23:34.0025 0480        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:23:34.0040 0480        Winmgmt - ok
17:23:34.0103 0480        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:23:34.0212 0480        WinRM - ok
17:23:34.0259 0480        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:23:34.0306 0480        Wlansvc - ok
17:23:34.0352 0480        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:23:34.0384 0480        WmiAcpi - ok
17:23:34.0430 0480        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:23:34.0446 0480        wmiApSrv - ok
17:23:34.0508 0480        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:23:34.0602 0480        WMPNetworkSvc - ok
17:23:34.0633 0480        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:23:34.0649 0480        WPCSvc - ok
17:23:34.0680 0480        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:23:34.0711 0480        WPDBusEnum - ok
17:23:34.0758 0480        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:23:34.0758 0480        WpdUsb - ok
17:23:34.0836 0480        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:23:34.0898 0480        WPFFontCache_v0400 - ok
17:23:34.0914 0480        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:23:34.0961 0480        ws2ifsl - ok
17:23:34.0976 0480        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:23:34.0992 0480        wscsvc - ok
17:23:35.0008 0480        WSearch - ok
17:23:35.0101 0480        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:23:35.0226 0480        wuauserv - ok
17:23:35.0335 0480        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:35.0366 0480        WUDFRd - ok
17:23:35.0382 0480        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:23:35.0413 0480        wudfsvc - ok
17:23:35.0444 0480        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:23:35.0663 0480        \Device\Harddisk0\DR0 - ok
17:23:35.0663 0480        Boot (0x1200)  (24aba1c1a3680d1fa56ec03d1d1d056a) \Device\Harddisk0\DR0\Partition0
17:23:35.0663 0480        \Device\Harddisk0\DR0\Partition0 - ok
17:23:35.0678 0480        Boot (0x1200)  (37a794c5986675432a812ac3e8741ba6) \Device\Harddisk0\DR0\Partition1
17:23:35.0678 0480        \Device\Harddisk0\DR0\Partition1 - ok
17:23:35.0710 0480        Boot (0x1200)  (6944cf9dbb581b1170e41756b7cc2840) \Device\Harddisk0\DR0\Partition2
17:23:35.0710 0480        \Device\Harddisk0\DR0\Partition2 - ok
17:23:35.0710 0480        ============================================================
17:23:35.0710 0480        Scan finished
17:23:35.0710 0480        ============================================================
17:23:35.0725 5516        Detected object count: 0
17:23:35.0725 5516        Actual detected object count: 0

Gruss
Andra

cosinus 14.07.2012 17:32

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

andra45 14.07.2012 18:52

Hallo Arne,
ich hatte leider ein paar Schwierigkeiten und musste ComboFix 2 x starten, ich hoffe das hat der Bereinigung und Auswertung nicht geschadet.Letztendlich ist das Programm komplett durchgelaufen und und kann das log posten :

Combofix Logfile:
Code:

ComboFix 12-07-14.01 - *** 14.07.2012  19:12:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2047.1114 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\security\Database\tmp.edb
c:\windows\system32\rnaph.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-14 17:17 . 2012-07-14 17:17        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-07-14 17:17 . 2012-07-14 17:17        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-07-14 17:17 . 2012-07-14 17:17        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-07-14 17:17 . 2012-07-14 17:17        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-07-14 17:17 . 2012-07-14 17:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-14 15:42 . 2012-07-14 15:42        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C7241CE-F0D9-4E1A-A813-3647E652FDA6}\offreg.dll
2012-07-14 15:42 . 2012-07-14 15:42        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C7241CE-F0D9-4E1A-A813-3647E652FDA6}\MpKslef6aae71.sys
2012-07-14 15:26 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C7241CE-F0D9-4E1A-A813-3647E652FDA6}\mpengine.dll
2012-07-14 06:27 . 2012-07-14 06:27        --------        d-----w-        C:\_OTL
2012-07-13 10:10 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 16:17 . 2012-07-12 16:17        --------        d-----w-        c:\users\***\AppData\Local\Apple Computer
2012-07-12 16:14 . 2012-07-12 16:14        --------        d-----w-        c:\users\***\AppData\Local\PDF24
2012-07-12 15:56 . 2012-07-12 15:56        --------        d-----w-        c:\users\***\AppData\Roaming\Cornelsen
2012-07-11 19:55 . 2012-07-12 19:57        --------        d-----w-        c:\users\Andrea & Ralf
2012-07-11 19:03 . 2012-07-11 19:03        --------        d-----w-        c:\users\***\AppData\Roaming\Cornelsen
2012-07-11 18:40 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 03:40 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:40 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 03:40 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 03:40 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:40 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 03:40 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-07-09 23:55 . 2012-07-09 23:55        --------        d-----w-        c:\users\***\AppData\Local\Apple Computer
2012-07-09 20:35 . 2012-07-09 20:35        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-07-09 20:12 . 2012-07-09 20:12        --------        d-----w-        c:\users\***\AppData\Local\Origin
2012-07-06 11:35 . 2012-07-09 20:12        --------        d-----w-        c:\users\***\AppData\Roaming\Origin
2012-07-05 16:01 . 2012-07-05 16:01        --------        d-----w-        c:\program files\ESET
2012-07-05 15:54 . 2012-07-05 15:54        --------        d-----w-        c:\users\***\AppData\Local\Macromedia
2012-07-05 05:32 . 2012-07-05 05:32        --------        d-----w-        c:\users\***\AppData\Local\Macromedia
2012-07-05 05:25 . 2012-07-11 18:37        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-04 16:19 . 2012-07-04 16:19        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-07-04 16:19 . 2012-07-04 16:19        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-04 16:19 . 2012-07-12 19:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-04 16:19 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-04 15:45 . 2012-02-10 09:15        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCE8DCAE-D6EE-40A5-AE59-77DCBCAAE88E}\gapaengine.dll
2012-06-26 19:00 . 2012-06-26 19:00        --------        d--h--w-        c:\programdata\CanonIJScan
2012-06-26 19:00 . 2012-06-26 19:00        --------        d-----w-        c:\users\***\AppData\Roaming\Canon
2012-06-26 18:57 . 2012-06-26 18:57        --------        d-----w-        c:\users\***\AppData\Local\PDF24
2012-06-26 18:56 . 2012-06-26 18:56        --------        d-----w-        c:\program files\PDF24
2012-06-21 05:28 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 05:28 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 05:28 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 05:28 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 05:27 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 05:27 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 05:27 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 05:27 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 05:27 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 18:37 . 2011-06-22 21:43        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 14:03 . 2012-06-13 07:44        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 07:44        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 07:44        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 07:44        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-18 06:48 . 2011-06-21 20:45        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Spiele Post"="c:\program files\OXXOGames\GPlayer\GameCenterNotifier.exe" [2011-10-13 479984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-05-22 160872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6-basic\reminder\reminder.exe [2011-8-10 1032192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44357529
*NewlyCreated* - MPKSLEF6AAE71
*Deregistered* - 44357529
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 18:37]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.netcologne.de
mWindow Title = Internet Explorer bereitgestellt von NetCologne
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{28C92348-E16C-4AD9-8D7B-16CCAC2DCD76}: NameServer = 81.173.194.77 194.8.194.60
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8cb68qu.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-7-Zip - c:\users\***\Pictures\Desktop\7-Zip\Uninstall.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-14 19:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-14  19:19:51
ComboFix-quarantined-files.txt  2012-07-14 17:19
.
Vor Suchlauf: 12 Verzeichnis(se), 124.644.696.064 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 125.484.744.704 Bytes frei
.
- - End Of File - - FE095A6DAAA516226385257D98299AF0

--- --- ---


Ich wünsche Dir ein schönes Wochenende und schon wieder vielen Dank bis hierher....

Gruss
Andra

cosinus 14.07.2012 22:02

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

andra45 15.07.2012 05:30

Hi Arne,
ich hatte nach all den Erfahrungen fast vor bei meinen Bekannten auch in eine leichte Beratertätigkeit bzgl Virenbekämpfung einzusteigen.
Nach dem Durchlauf dieser drei Tools lasse ich es aber eher doch.

Hier also die 3 logs .
GMER

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-15 04:53:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-009BA0 rev.15.01H15
Running: 1d524gup.exe; Driver: C:\Users\***~1\AppData\Local\Temp\pfkoraoc.sys


---- Kernel code sections - GMER 1.0.15 ----

?      C:\Windows\system32\Drivers\PROCEXP113.SYS                                  Das System kann die angegebene Datei nicht finden. !
?      C:\Users\***~1\AppData\Local\Temp\catchme.sys                            Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Origin\Origin.exe[5968] kernel32.dll!CreateProcessW        75D11BF3 5 Bytes  JMP 6AD207D0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] kernel32.dll!CreateProcessA        75D11C28 5 Bytes  JMP 6AD20730 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!SetForegroundWindow    75DFB8A6 5 Bytes  JMP 5D951440 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!ShowWindow              75DFCA10 5 Bytes  JMP 5D951510 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!ShowWindowAsync        75E01FCE 5 Bytes  JMP 5D9514C0 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!SetWindowPos            75E035E3 5 Bytes  JMP 5D951580 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!SetFocus                75E03684 5 Bytes  JMP 5D951560 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!SetActiveWindow        75E04EF7 5 Bytes  JMP 5D9515D0 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!BringWindowToTop        75E1E3EA 5 Bytes  JMP 5D951470 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] USER32.dll!SwitchToThisWindow      75E23362 5 Bytes  JMP 5D9514A0 C:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] ADVAPI32.dll!CreateProcessAsUserA  7610CEB9 5 Bytes  JMP 6AD20870 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] ADVAPI32.dll!CreateProcessAsUserW  76121EE9 5 Bytes  JMP 6AD20920 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] SHELL32.dll!ShellExecuteW          763C9725 5 Bytes  JMP 6AD20AE0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] SHELL32.dll!ShellExecuteExW        7641C15D 5 Bytes  JMP 6AD20A20 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] SHELL32.dll!ShellExecuteEx        765CA432 5 Bytes  JMP 6AD209D0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text  C:\Program Files\Origin\Origin.exe[5968] SHELL32.dll!ShellExecuteA          765CA4CD 5 Bytes  JMP 6AD20A70 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 05:34:49 on 15.07.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\***EU~1\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"pfkoraoc" (pfkoraoc) - ? - C:\Users\***EU~1\AppData\Local\Temp\pfkoraoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - C:\Users\***EUTZBERG\Pictures\Desktop\7-Zip\7-zip.dll  (File not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"phase-6 Reminder.lnk" - "phase-6" - C:\Program Files\phase-6\phase-6-basic\reminder\reminder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Spiele Post" - "Intenium" - C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Aventail VPN Client" (NgVpnMgr) - "Aventail Corporation" - C:\Windows\system32\ngvpnmgr.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-15 05:49:02
-----------------------------
05:49:02.478    OS Version: Windows 6.0.6002 Service Pack 2
05:49:02.478    Number of processors: 2 586 0x4303
05:49:02.478    ComputerName: ***-PC  UserName: ***
05:49:03.227    Initialize success
05:53:26.594    AVAST engine defs: 12071402
05:56:27.195    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:56:27.195    Disk 0 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
05:56:27.304    Disk 0 MBR read successfully
05:56:27.304    Disk 0 MBR scan
05:56:27.304    Disk 0 Windows VISTA default MBR code
05:56:27.351    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      200000 MB offset 2048
05:56:27.398    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      300000 MB offset 409602048
05:56:27.445    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      453867 MB offset 1024002048
05:56:27.492    Disk 0 scanning sectors +1953521664
05:56:27.772    Disk 0 scanning C:\Windows\system32\drivers
05:57:15.196    Service scanning
05:57:28.098    Modules scanning
05:58:27.237    Disk 0 trace - called modules:
05:58:27.268    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
05:58:27.284    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84999ac8]
05:58:27.284    3 CLASSPNP.SYS[87da38b3] -> nt!IofCallDriver -> [0x848eb918]
05:58:27.284    5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848d35e0]
05:58:27.736    AVAST engine scan C:\Windows
05:58:55.832    AVAST engine scan C:\Windows\system32
06:03:55.353    AVAST engine scan C:\Windows\system32\drivers
06:04:15.118    AVAST engine scan C:\Users\***
06:09:49.424    AVAST engine scan C:\ProgramData
06:13:33.674    Scan finished successfully
06:13:57.995    Disk 0 MBR has been saved successfully to "C:\Users\***\Pictures\Desktop\MBR.dat"
06:13:57.995    The log file has been saved successfully to "C:\Users\***\Pictures\Desktop\aswMBR.txt"

Nach dem ganzen Support überlege ich mir ob mal auf Eure Spendenseite gehe( Ich hoffe die ist sicher)

Danke und Gruss
Andra

cosinus 15.07.2012 16:39

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

andra45 16.07.2012 21:39

Hi Arne,
ich habe die beiden Suchläufe durchgeführt, bei dem Super Anti Spyware war wieder etwas dabei. In der Anleitung stand nichts weiteres, ich habe die removed und in Quarantäne gestellt.
Dazu habe ich eine weitere Frage sind die gefundenen in Anti Malware als auch in meinem Security Essential unter Quarantäne noch endgültig zu löschen oder was passiert damit ?

Hier die logs

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

16.07.2012 20:35:17
mbam-log-2012-07-16 (20-35-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400443
Laufzeit: 34 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/16/2012 at 10:07 PM

Application Version : 5.5.1006

Core Rules Database Version : 8907
Trace Rules Database Version: 6719

Scan type      : Complete Scan
Total Scan Time : 00:25:35

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 629
Memory threats detected  : 0
Registry items scanned    : 34364
Registry threats detected : 0
File items scanned        : 35565
File threats detected    : 488

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\54EIECWZ.txt [ /adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C1XSGL9T.txt [ /atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FDTEIRFI.txt [ /content.yieldmanager.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EBSEVF87.txt [ /doubleclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4DM83JTY.txt [ /media.gan-online.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FDXE8GYH.txt [ /ad.yieldmanager.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\KE73VKTO.txt [ /fl01.ct2.comclick.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WLXU91NV.txt [ /zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ED8A2X3F.txt [ /ads.creative-serving.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9KC9IX40.txt [ /c.atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6GIOY95Z.txt [ /apmebf.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FDJAHLXX.txt [ /specificclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J5LRJN0L.txt [ /content.yieldmanager.com ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\7I1JWJEP.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\7OB1613T.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIEQ90C7.txt [ Cookie:***@2o7.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\AVC04JYV.txt [ Cookie:***@statse.webtrendslive.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\57H50I2C.txt [ Cookie:***@ad.yieldmanager.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\3MJE5SVI.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\8F9H3APC.txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z2TBDR3N.txt [ Cookie:***@bs.serving-sys.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\ULMERS4A.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\KAKEDJO5.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\8V4N2SZR.txt [ Cookie:***@fl01.ct2.comclick.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\J1J991FQ.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\Cookies\7I1JWJEP.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\Cookies\7OB1613T.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@adx.chip[1].txt [ Cookie:***@adx.chip.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\5D857H8X.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@adform[1].txt [ Cookie:***@adform.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\FSZ4ZO90.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@invitemedia[2].txt [ Cookie:***@invitemedia.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@tracking.quisma[1].txt [ Cookie:***@tracking.quisma.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ad2.adfarm1.adition[1].txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\QHSOB4A2.txt [ Cookie:***@fl01.ct2.comclick.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@track.adform[2].txt [ Cookie:***@track.adform.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@imrworldwide[2].txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@mediaplex[2].txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\Cookies\54EIECWZ.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\C1XSGL9T.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\Cookies\FDTEIRFI.txt [ Cookie:***@content.yieldmanager.com/ ]
        C:\USERS\***\Cookies\4DM83JTY.txt [ Cookie:***@media.gan-online.com/ ]
        C:\USERS\***\Cookies\KE73VKTO.txt [ Cookie:***@fl01.ct2.comclick.com/ ]
        C:\USERS\***\Cookies\WLXU91NV.txt [ Cookie:***@zanox.com/ ]
        C:\USERS\***\Cookies\9KC9IX40.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\Cookies\J5LRJN0L.txt [ Cookie:***@content.yieldmanager.com/ak/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\9MQL0CGA.txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\YSZZ2OOJ.txt [ Cookie:***@serving-sys.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\VHLDJ3WI.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\NG49OOON.txt [ Cookie:***@fl01.ct2.comclick.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\EXXOLEML.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\JMEDTA92.txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\0NJQMK4J.txt [ Cookie:***@serving-sys.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\YJM07SZW.txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\881LP2FS.txt [ Cookie:***@ad.yieldmanager.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\H1XLXVI5.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LE8BR3TB.txt [ Cookie:***@bs.serving-sys.com/ ]
        C:\USERS\***\Cookies\9MQL0CGA.txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\Cookies\YSZZ2OOJ.txt [ Cookie:***@serving-sys.com/ ]
        C:\USERS\***\Cookies\VHLDJ3WI.txt [ Cookie:***@c.atdmt.com/ ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .statse.webtrendslive.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .bizrate.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eaeacom.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .rewetouristik.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .loyaltypartner.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        urbia.wwe-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.piximedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        banner.holidaycheck.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        weihnachtsmarkt-finder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .blau.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.sexvideos-tube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        delivery.trafficbroker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .estat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .sexyspiele.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .porno-games.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.happysexgames.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        mysexgames.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mysexgames.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .sexyfuckgames.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .sexgames.cc [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ipcmedia.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .e-sexspiele.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        zbox.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ikea.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .dealtime.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.comeone.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        banner.lv.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        data.coremetrics.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adult-sex-games.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adult-sex-games.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .roiservice.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .de.sexgamesbox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .de.sexgamesbox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .de.sexgamesbox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ads.falkemedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ads.falkemedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.bannerreport.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        webcount.feratel.at [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adserver2.clipkit.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adserv.kwick.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adserv.kwick.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .droetker.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .rionordgmbh.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .urbia.wwe-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .urbia.wwe-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .blogads.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        stat.dealtime.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .conrad.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        teufel-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ads20.wwe-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.sim-technik.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mm.chitika.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        delivery.atkmedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        delivery.way2traffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adserver.ep-solutions.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .cmpmedica.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .philips.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .dmtracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tomsshoes.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .entrepreneure.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .entrepreneure.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .trackmyrace.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .trackmyrace.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .aim4media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eventdiscount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eventdiscount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eventdiscount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .googleads.g.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ads20.wwe-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .aim4media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.hermesworld.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.hermesworld.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .quartermedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .eset.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8CB68QU.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .htc.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JZZ9MLD.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Bancos
        C:\PROGRAM FILES\CORNELSEN\ENGLISH G 21 E-WORKBOOK A1\CTFPRINTER.DLL


Viele grüsse
Andra

cosinus 17.07.2012 11:13

Sieht ok aus, da wurden nur Cookies gefunden und ein Fehlalarm war dabei
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Zitat:

Dazu habe ich eine weitere Frage sind die gefundenen in Anti Malware als auch in meinem Security Essential unter Quarantäne noch endgültig zu löschen oder was passiert damit ?

Überleg doch mal was eine Quarantäne ist!!

Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

andra45 17.07.2012 11:50

Hallo Arne,
vielen Dank für all' Deine Hilfe, keine neuen Tools mehr, ich glaub ich bin also fertig.

Ich habe mich in der Zwischenzeit bei Euren Anleitungen/FAQ's mal die generelle Anleitung von markusg " Maßnahmen zur Absicherung des Rechners" durchgelesen, da ist noch einiges für mich dabei.( Ich habe bereits mit dem separieren der Accounts angefangen )
In einem anderen Thread von Dir Start 13.06 zum gleichen GVU Thema hast Gustav86 noch ein paar Tipps bzgl. Secunia PSI und weiteren updates Windows etc gegeben.
Auch davon nehme ich mir das ein oder andere mit.

Ich kann mich nur wiederholen vielen Dank an Dich und Eurer gesamtes Team
Ihr macht einen Top Job:daumenhoc, Eure Seite kann man nur empfehlen....

Gruss und hoffentlich nicht so schnell wieder
Andra

cosinus 17.07.2012 15:29

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => http://www.adobe.com/software/flash/about/
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55