Trojaner-Board


ginimo 20.12.2011 16:05

"For security reasons your Windows system has been blocked"

As I just read, I'm apparently not the only one with this problem.
So here are my log files. I hope you can help me.

Best regards
Ginimo

cosinus 20.12.2011 16:12

Quote:

Boot Mode: SafeMode with Networking
Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I agree to the terms of use" and click Start.
  • Enable the "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


ginimo 20.12.2011 21:35

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 06:36:02
# local_time=2011-12-20 07:36:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 210175 99302694 261635 0
# compatibility_mode=5892 16776573 100 100 8528 161938858 0 0
# compatibility_mode=8192 67108863 100 0 8282 8282 0 0
# scanned=1155
# found=0
# cleaned=0
# scan_time=32
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 08:25:07
# local_time=2011-12-20 09:25:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 210325 99302844 261785 0
# compatibility_mode=5892 16776573 100 100 8678 161939008 0 0
# compatibility_mode=8192 67108863 100 0 8432 8432 0 0
# scanned=204839
# found=5
# cleaned=0
# scan_time=6427
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-279336f9 a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\63b90e34-30b6a901 Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-5e8d1d63 a variant of Java/Agent.DT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\ccc963b-15ddf887 probably a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I



and attached is the one from Malware

cosinus 20.12.2011 22:09

Quote:

-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you haven't already!

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all logs for every scan are listed on the Logs tab. Please post all that are visible there.

ginimo 20.12.2011 22:13

I thought I had deleted them...?!
OK, then I'll let it run through again. ;)
No, I don't have any previous files. I'm sure of that....

ginimo 20.12.2011 23:17

Now it finds nothing....!!!??? :wtf:
Maybe deleted after all?

ginimo 20.12.2011 23:19

ahhhh!!!
No, I had put it into quarantine... That's probably why nothing was found. I've now deleted everything.

cosinus 21.12.2011 10:00

Please create a new OTL log

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ginimo 21.12.2011 19:50

OTL Logfile:
Code:

OTL logfile created on: 21.12.2011 19:31:36 - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Gini\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,73% Memory free
4,23 Gb Paging File | 3,90 Gb Available in Paging File | 92,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,20 Gb Total Space | 38,34 Gb Free Space | 17,33% Space Free | Partition Type: NTFS
Drive D: | 11,68 Gb Total Space | 2,20 Gb Free Space | 18,84% Space Free | Partition Type: NTFS
 
Computer Name: GINI-PC | User Name: Gini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (WSDScan) -- C:\WINDOWS\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (cdrblock) -- C:\WINDOWS\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (GT680x) -- C:\WINDOWS\System32\drivers\Tr11691g.sys (  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f2063d0b000000000000001f3b1557bf&tlver=1.4.35.10&affID=100842"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Gini\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2010.12.04 19:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 12:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.11 19:02:08 | 000,000,000 | ---D | M]
 
[2009.08.04 22:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gini\AppData\Roaming\mozilla\Extensions
[2011.09.15 23:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions
[2010.02.05 21:33:03 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.26 04:21:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.05 21:33:33 | 000,005,591 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\1und1-suche.xml
[2010.02.05 21:33:33 | 000,001,371 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\amazonde.xml
[2010.02.05 21:33:33 | 000,010,605 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\gmx-suche.xml
[2010.02.05 21:33:33 | 000,005,588 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\webde-suche.xml
[2011.11.11 12:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.11 03:25:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.06 18:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.04.06 18:25:37 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.11 12:08:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.07 20:17:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 19:53:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.15 22:56:44 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.10.02 19:53:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 19:53:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 19:53:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 19:53:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 19:53:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{1DE32EDA-810C-11DE-8C71-806E6F6E6963}] C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus S20 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Getdo]  File not found
O4 - HKCU..\Run: [Guiobj] C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1CC96D9-7745-4F6E-A238-4D941A15E209}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF38E2E8-A3E5-432E-BFA0-EA4F3DC1DDA4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gini\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gini\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\AutoRun\command - "" = 3dcs9.exe
O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\open\Command - "" = 3dcs9.exe
O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\AutoRun\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\open\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell - "" = AutoRun
O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = bbjl2g.exe
O33 - MountPoints2\G\Shell\open\Command - "" = bbjl2g.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {57C1E4AB-0EAB-9314-7649-86BC13BBE07B} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F1AB6F8D-00D4-C54E-2448-B05A7D5053C4} - Browser Customizations
ActiveX: {I61Q743T-6F4M-747Y-74Y6-3R07CD23P578} - C:\WINDOWS\System32\services\svchost.exe
ActiveX: {L7H8870L-DK8F-60KX-6A6V-80J4A7120VX5} - C:\WINDOWS\System32\services\svchost.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CDV5 - cdv5codc.dll File not found
Drivers32: vidc.CDVC - cdvccodc.dll File not found
Drivers32: vidc.CDVH - cdvhcodc.dll File not found
Drivers32: vidc.CLLC - cllccodc.dll File not found
Drivers32: vidc.CMIC - cmiccodc.dll File not found
Drivers32: vidc.CUVC - cuvccodc.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.LWLR - C:\Windows\System32\rgbacodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.20 16:19:47 | 000,000,000 | ---D | C] -- C:\Users\Gini\AppData\Roaming\Malwarebytes
[2011.12.20 16:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.20 16:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.20 16:19:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.20 16:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.20 15:36:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gini\Desktop\OTL.exe
[2011.12.15 01:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.15 01:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.14 22:02:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 22:02:09 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 22:02:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 22:02:04 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 22:02:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 22:01:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 22:01:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 22:01:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 22:01:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 22:01:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 22:01:49 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 22:01:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.14 22:01:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 22:01:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 22:01:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 22:01:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.14 22:01:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 22:01:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.14 22:01:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.14 22:01:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.14 22:01:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.14 22:01:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.14 22:01:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.14 22:01:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.02.07 18:11:16 | 000,017,168 | ---- | C] (  ) -- C:\Windows\System32\drivers\Tr11691g.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 19:33:22 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 19:33:22 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 19:33:22 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 19:33:22 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 19:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 19:27:31 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.21 19:26:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 19:26:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 00:23:32 | 000,008,484 | ---- | M] () -- C:\Users\Gini\AppData\Local\d3d9caps.dat
[2011.12.20 23:59:41 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.12.20 23:38:55 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.12.20 23:37:43 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.20 18:11:52 | 000,001,689 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.20 16:19:41 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 15:36:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gini\Desktop\OTL.exe
[2011.12.20 13:13:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0CC304BC-061E-4C38-9BEE-AE7256FC0F2A}.job
[2011.12.20 02:26:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2473411955-2618269059-2716716298-1000UA.job
[2011.12.19 23:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2473411955-2618269059-2716716298-1000Core.job
[2011.12.18 10:14:48 | 003,761,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Gini.job
[2011.12.15 01:01:57 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.13 16:34:44 | 000,023,578 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\wklnhst.dat
[2011.12.08 16:01:45 | 000,117,760 | ---- | M] () -- C:\Users\Gini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.06 17:50:23 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.20 16:19:41 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 01:01:57 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.10.15 00:04:15 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.25 19:35:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.24 23:09:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.02.26 10:40:09 | 000,000,000 | ---- | C] () -- C:\Windows\canopus.ini
[2011.02.26 10:18:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius5db.dll
[2011.02.26 10:18:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius.dll
[2011.02.17 03:58:26 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010.11.12 11:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.11.11 22:00:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.11.11 22:00:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.09.06 10:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll
[2010.03.08 18:02:38 | 000,697,897 | ---- | C] () -- C:\Windows\unins000.exe
[2010.03.08 18:02:38 | 000,026,018 | ---- | C] () -- C:\Windows\unins000.dat
[2010.03.02 11:11:30 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.03.02 11:11:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.03.02 11:11:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.03.02 11:11:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.03.02 11:11:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.03.02 11:11:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.03.02 11:11:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.03.02 11:11:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.03.02 11:11:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.03.02 11:11:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.03.02 11:11:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.03.02 11:11:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.03.02 11:11:30 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.03.02 11:11:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.03.02 11:11:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.03.02 11:11:30 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.03.02 11:11:30 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.03.02 11:11:30 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.03.02 11:11:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.03.02 11:08:08 | 000,000,025 | ---- | C] () -- C:\Windows\CSES20.ini
[2010.02.07 18:23:13 | 000,030,720 | ---- | C] () -- C:\Windows\EWhiteu12.dat
[2010.02.07 18:23:13 | 000,000,004 | ---- | C] () -- C:\Windows\AErroru3.dat
[2010.02.07 18:23:11 | 000,030,720 | ---- | C] () -- C:\Windows\EDarku12.dat
[2010.02.07 18:23:08 | 000,000,006 | ---- | C] () -- C:\Windows\EExpou.dat
[2010.02.07 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\EOffsetu.dat
[2010.02.07 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\EGain6.dat
[2010.02.07 18:11:16 | 000,188,416 | ---- | C] () -- C:\Windows\Ausba2.dll
[2010.02.07 18:11:16 | 000,026,624 | ---- | C] () -- C:\Windows\artcomm.dll
[2010.02.07 18:11:16 | 000,011,457 | ---- | C] () -- C:\Windows\Trust32.ini
[2010.02.07 18:11:16 | 000,002,495 | ---- | C] () -- C:\Windows\Ausba2.INI
[2009.12.25 08:51:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.06 16:59:45 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.06 16:59:44 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.23 23:43:48 | 000,008,484 | ---- | C] () -- C:\Users\Gini\AppData\Local\d3d9caps.dat
[2009.09.30 16:44:39 | 000,023,578 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\wklnhst.dat
[2009.08.05 02:20:13 | 000,117,760 | ---- | C] () -- C:\Users\Gini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 20:18:27 | 000,027,240 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\nvModes.001
[2009.08.04 20:18:26 | 000,027,240 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\nvModes.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008.04.15 20:59:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.04.15 20:59:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.04.15 20:59:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.04.15 20:50:48 | 000,001,689 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.11.26 21:18:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.26 21:18:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.26 21:18:48 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.26 21:18:48 | 000,125,676 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,761,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.11.18 23:11:21 | 000,147,867 | -H-- | C] () -- C:\Users\Gini\AppData\Roaming\Ginilog.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.17 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Adobe
[2011.12.08 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Apple Computer
[2011.01.27 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Avira
[2011.09.15 22:56:42 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Babylon
[2011.12.21 01:37:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\BitTorrent
[2011.02.26 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Canopus
[2011.09.08 14:50:32 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.01.13 08:07:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\CyberLink
[2011.07.28 22:02:08 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DAEMON Tools Lite
[2011.05.29 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DeepBurner
[2010.05.31 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DivX
[2009.09.09 01:08:37 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Download Manager
[2011.06.13 03:45:08 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\dvdcss
[2011.09.28 22:41:04 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoft
[2011.01.06 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.01 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\EuroTalk
[2010.03.28 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Facebook
[2010.07.30 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\foobar2000
[2011.03.01 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\FreeFLVConverter
[2009.08.09 07:14:18 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Google
[2010.06.26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\GTek
[2009.12.17 04:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\gtk-2.0
[2010.08.24 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Helper
[2009.08.06 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Hewlett-Packard
[2009.08.08 04:57:41 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\HP
[2011.12.13 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\HpUpdate
[2010.05.25 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\ICQ
[2009.08.04 16:52:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Identities
[2010.01.16 23:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InstallShield
[2010.12.04 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InternetManager_Z
[2009.09.08 17:45:06 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\IrfanView
[2009.08.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Macromedia
[2011.06.29 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\MAGIX
[2011.12.20 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Media Center Programs
[2009.04.11 07:27:36 | 000,000,000 | --SD | M] -- C:\Users\Gini\AppData\Roaming\Microsoft
[2009.08.04 22:07:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Mozilla
[2010.09.13 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\NCH Software
[2010.03.05 06:42:06 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\OpenOffice.org
[2011.09.25 19:35:41 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\pdfforge
[2011.12.21 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Skype
[2011.07.14 23:02:13 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\skypePM
[2009.08.04 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Symantec
[2010.12.04 16:54:35 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile
[2010.12.04 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile Internet Manager
[2011.02.17 01:48:58 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Teleca
[2009.09.30 16:44:40 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Template
[2010.10.24 13:27:44 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\TubeBox
[2011.12.06 21:44:53 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\vlc
[2009.08.05 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WildTangent
[2009.08.15 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.08.25 20:54:12 | 000,000,000 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe
[2010.03.28 00:22:51 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Gini\AppData\Roaming\Facebook\uninstall.exe
[2011.09.08 14:43:15 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gini\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.04.11 07:27:36 | 000,099,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

cosinus 21.12.2011 20:32

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f2063d0b000000000000001f3b1557bf&tlver=1.4.35.10&affID=100842"
[2010.02.05 21:33:33 | 000,005,591 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\1und1-suche.xml
[2010.02.05 21:33:33 | 000,001,371 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\amazonde.xml
[2010.02.05 21:33:33 | 000,010,605 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\gmx-suche.xml
[2010.02.05 21:33:33 | 000,005,588 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\webde-suche.xml
[2011.04.06 18:25:37 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.09.15 22:56:44 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{1DE32EDA-810C-11DE-8C71-806E6F6E6963}] C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Getdo]  File not found
O4 - HKCU..\Run: [Guiobj] C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\AutoRun\command - "" = 3dcs9.exe
O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\open\Command - "" = 3dcs9.exe
O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\AutoRun\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\open\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell - "" = AutoRun
O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = bbjl2g.exe
O33 - MountPoints2\G\Shell\open\Command - "" = bbjl2g.exe
:Files
C:\Users\Gini\AppData\Roaming\Babylon
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

ginimo 21.12.2011 20:44

All processes killed
========== OTL ==========
Prefs.js: "WEB.DE Suche" removed from browser.search.defaultenginename
Prefs.js: "GMX Suche" removed from browser.search.order.1
Prefs.js: "1und1 Suche" removed from browser.search.order.2
Prefs.js: "amazon.de" removed from browser.search.order.3
Prefs.js: "WEB.DE Suche" removed from browser.search.order.4
Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr
Prefs.js: ff-bmboc@bytemobile.com:4.2.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f2063d0b000000000000001f3b1557bf&tlver=1.4.35.10&affID=100842" removed from keyword.URL
C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\1und1-suche.xml moved successfully.
C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\amazonde.xml moved successfully.
C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\webde-suche.xml moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{1DE32EDA-810C-11DE-8C71-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DE32EDA-810C-11DE-8C71-806E6F6E6963}\ not found.
C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Gini\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Getdo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Guiobj deleted successfully.
C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4afcf6e2-4051-11df-9748-001e37e47c73}\ not found.
File 3dcs9.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4afcf6e2-4051-11df-9748-001e37e47c73}\ not found.
File 3dcs9.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64270003-a4be-11de-834d-001e37e47c73}\ not found.
File F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64270003-a4be-11de-834d-001e37e47c73}\ not found.
File F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File bbjl2g.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File bbjl2g.exe not found.
========== FILES ==========
C:\Users\Gini\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gini
->Temp folder emptied: 70751883 bytes
->Temporary Internet Files folder emptied: 24815255 bytes
->Java cache emptied: 1262450 bytes
->FireFox cache emptied: 44019332 bytes
->Flash cache emptied: 60988 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9978511 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 144,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12212011_203844

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 21.12.2011 21:01

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This might take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

ginimo 21.12.2011 21:15

21:11:06.0814 4560 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:11:06.0898 4560 ============================================================
21:11:06.0898 4560 Current date / time: 2011/12/21 21:11:06.0898
21:11:06.0898 4560 SystemInfo:
21:11:06.0898 4560
21:11:06.0898 4560 OS Version: 6.0.6002 ServicePack: 2.0
21:11:06.0898 4560 Product type: Workstation
21:11:06.0899 4560 ComputerName: GINI-PC
21:11:06.0899 4560 UserName: Gini
21:11:06.0899 4560 Windows directory: C:\Windows
21:11:06.0899 4560 System windows directory: C:\Windows
21:11:06.0899 4560 Processor architecture: Intel x86
21:11:06.0899 4560 Number of processors: 2
21:11:06.0899 4560 Page size: 0x1000
21:11:06.0899 4560 Boot type: Normal boot
21:11:06.0899 4560 ============================================================
21:11:08.0006 4560 Initialize success
21:12:38.0572 4660 ============================================================
21:12:38.0572 4660 Scan started
21:12:38.0572 4660 Mode: Manual; SigCheck; TDLFS;
21:12:38.0572 4660 ============================================================
21:12:42.0508 4660 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:12:42.0610 4660 ACPI - ok
21:12:42.0795 4660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:12:42.0858 4660 adp94xx - ok
21:12:43.0171 4660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:12:43.0230 4660 adpahci - ok
21:12:43.0374 4660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:12:43.0428 4660 adpu160m - ok
21:12:43.0657 4660 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:12:43.0731 4660 adpu320 - ok
21:12:43.0983 4660 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:12:44.0137 4660 AFD - ok
21:12:44.0358 4660 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:12:44.0423 4660 agp440 - ok
21:12:44.0675 4660 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:12:44.0739 4660 aic78xx - ok
21:12:44.0957 4660 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
21:12:45.0237 4660 aksfridge - ok
21:12:45.0394 4660 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:12:45.0451 4660 aliide - ok
21:12:45.0642 4660 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:12:45.0730 4660 amdagp - ok
21:12:45.0904 4660 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:12:45.0966 4660 amdide - ok
21:12:46.0172 4660 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:12:46.0403 4660 AmdK7 - ok
21:12:46.0567 4660 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:12:46.0660 4660 AmdK8 - ok
21:12:46.0870 4660 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:12:46.0921 4660 arc - ok
21:12:47.0084 4660 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:12:47.0139 4660 arcsas - ok
21:12:47.0329 4660 as6eio - ok
21:12:47.0412 4660 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:12:47.0624 4660 AsyncMac - ok
21:12:47.0869 4660 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:12:47.0904 4660 atapi - ok
21:12:48.0059 4660 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:12:48.0174 4660 avgio - ok
21:12:48.0332 4660 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:12:48.0408 4660 avgntflt - ok
21:12:48.0696 4660 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:12:48.0740 4660 avipbb - ok
21:12:49.0085 4660 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:12:49.0281 4660 BCM43XV - ok
21:12:49.0483 4660 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:12:49.0606 4660 Beep - ok
21:12:49.0785 4660 blbdrive - ok
21:12:49.0963 4660 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
21:12:50.0026 4660 BMLoad ( UnsignedFile.Multi.Generic ) - warning
21:12:50.0026 4660 BMLoad - detected UnsignedFile.Multi.Generic (1)
21:12:50.0294 4660 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:12:50.0410 4660 bowser - ok
21:12:50.0724 4660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:12:50.0911 4660 BrFiltLo - ok
21:12:51.0025 4660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:12:51.0155 4660 BrFiltUp - ok
21:12:51.0292 4660 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:12:51.0452 4660 Brserid - ok
21:12:51.0570 4660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:12:51.0687 4660 BrSerWdm - ok
21:12:51.0831 4660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:12:51.0930 4660 BrUsbMdm - ok
21:12:52.0040 4660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:12:52.0115 4660 BrUsbSer - ok
21:12:52.0193 4660 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:12:52.0304 4660 BthEnum - ok
21:12:52.0444 4660 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:12:52.0568 4660 BTHMODEM - ok
21:12:52.0727 4660 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:12:52.0820 4660 BthPan - ok
21:12:52.0990 4660 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
21:12:53.0100 4660 BTHPORT - ok
21:12:53.0228 4660 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
21:12:53.0318 4660 BTHUSB - ok
21:12:53.0486 4660 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
21:12:53.0539 4660 btwaudio - ok
21:12:53.0672 4660 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
21:12:53.0725 4660 btwavdt - ok
21:12:53.0762 4660 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
21:12:53.0810 4660 btwrchid - ok
21:12:53.0930 4660 CA561 - ok
21:12:54.0004 4660 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:12:54.0129 4660 cdfs - ok
21:12:54.0257 4660 cdrblock (15e3e2920adac7450e0c7ae5f23a5f53) C:\Windows\system32\DRIVERS\cdrblock.sys
21:12:54.0310 4660 cdrblock - ok
21:12:54.0420 4660 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:12:54.0537 4660 cdrom - ok
21:12:54.0651 4660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:13:00.0155 4660 GT680x (2c82b2b948cd8cef370d820178bc821c) C:\Windows\system32\Drivers\Tr11691g.SYS
21:13:00.0220 4660 GT680x ( UnsignedFile.Multi.Generic ) - warning
21:13:00.0220 4660 GT680x - detected UnsignedFile.Multi.Generic (1)
21:13:27.0616 4660 tcpipBM (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
21:13:27.0680 4660 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
21:13:27.0680 4660 tcpipBM - detected UnsignedFile.Multi.Generic (1)
21:13:36.0797 4660 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
21:13:37.0560 4660 \Device\Harddisk0\DR0 - ok
21:13:37.0565 4660 Boot (0x1200) (ded8f0cbff98bc813ae9fd22a5eee9b1) \Device\Harddisk0\DR0\Partition0
21:13:37.0568 4660 \Device\Harddisk0\DR0\Partition0 - ok
21:13:37.0627 4660 Boot (0x1200) (6b5b1302ec484030ce305201feee8dd9) \Device\Harddisk0\DR0\Partition1
21:13:37.0628 4660 \Device\Harddisk0\DR0\Partition1 - ok
21:13:37.0629 4660 ============================================================
21:13:37.0629 4660 Scan finished
21:13:37.0629 4660 ============================================================
21:13:37.0645 0532 Detected object count: 3
21:13:37.0645 0532 Actual detected object count: 3
21:13:57.0301 0532 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:57.0302 0532 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:57.0303 0532 GT680x ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:57.0303 0532 GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:57.0304 0532 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:57.0304 0532 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 21.12.2011 21:17

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ginimo 21.12.2011 21:55

At first I had problems getting ComboFix to run. The window kept closing and then nothing happened, as if the application could not be executed. After several attempts it did work, though. I hope that doesn't have any effect? :confused:


Combofix Logfile:
Code:

ComboFix 11-12-21.02 - Gini 21.12.2011  21:37:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.941 [GMT 1:00]
ausgeführt von:: c:\users\Gini\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gini\AppData\Roaming\Adobe\Update\flacor.dat
c:\users\Gini\AppData\Roaming\Ginilog.dat
c:\users\Gini\AppData\Roaming\Microsoft\Windows\Recent\www.torrent.to - Die besten und schnellsten Bit Torrent Downloads im Netz.url
c:\windows\IsUn0407.exe
c:\windows\system32\KBL.LOG
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))
.
.
2011-12-21 20:46 . 2011-12-21 20:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-21 19:40 . 2011-12-21 19:40        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9F16002-52FB-4AD4-A944-831143BB1EE8}\offreg.dll
2011-12-21 19:38 . 2011-12-21 19:38        --------        d-----w-        C:\_OTL
2011-12-20 17:17 . 2011-12-20 17:17        --------        d-----w-        c:\program files\ESET
2011-12-20 15:19 . 2011-12-20 15:19        --------        d-----w-        c:\users\Gini\AppData\Roaming\Malwarebytes
2011-12-20 15:19 . 2011-12-20 15:19        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-20 15:19 . 2011-12-20 15:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-20 15:19 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-20 11:40 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9F16002-52FB-4AD4-A944-831143BB1EE8}\mpengine.dll
2011-12-15 00:01 . 2011-12-15 00:01        --------        d-----w-        c:\program files\iPod
2011-12-14 21:02 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-14 21:02 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-14 21:02 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 21:02 . 2011-11-23 13:37        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-12-14 21:02 . 2011-11-08 12:10        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 21:02 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 16:50 . 2009-10-04 23:31        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-09-28 19:09 . 2011-06-28 09:14        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 11:08 . 2011-04-06 17:25        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06        163328        --sha-r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47        31232        --sha-r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30        216064        --sha-r-        c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
MCtlSvc.lnk - c:\program files\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2010-12-4 89600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-11-24 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 13184]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 20499141
*Deregistered* - 20499141
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-21 c:\windows\Tasks\User_Feed_Synchronization-{0CC304BC-061E-4C38-9BEE-AE7256FC0F2A}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Zanzarah - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-21 21:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-21  21:49:52
ComboFix-quarantined-files.txt  2011-12-21 20:49
.
Vor Suchlauf: 14 Verzeichnis(se), 39.006.285.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 38.958.735.360 Bytes frei
.
- - End Of File - - 4E87811B3F1893BB73503EDAD0245CE5

--- --- ---

cosinus 21.12.2011 22:11

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


ginimo 21.12.2011 22:54

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-21 22:52:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: 9hxl35o9[1].exe; Driver: C:\Users\Gini\AppData\Local\Temp\kxldqpod.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  91E6E5F6                                                                                        ZwCreateSection
SSDT                                                                                                                                  91E6E5FB                                                                                        ZwSetContextThread
SSDT                                                                                                                                  91E6E597                                                                                        ZwTerminateProcess

INT 0x61                                                                                                                              ?                                                                                                9056D7D0
INT 0x62                                                                                                                              ?                                                                                                905547D0
INT 0x71                                                                                                                              ?                                                                                                9056DA50

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 215                                                                    832E1998 4 Bytes  [F6, E5, E6, 91] {MUL CH; OUT 0x91, AL}
.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 56D                                                                    832E1CF0 4 Bytes  [FB, E5, E6, 91] {STI ; IN EAX, 0xe6; XCHG ECX, EAX}
.text                                                                                                                                ntkrnlpa.exe!KeSetEvent + 621                                                                    832E1DA4 4 Bytes  [97, E5, E6, 91] {XCHG EDI, EAX; IN EAX, 0xe6; XCHG ECX, EAX}
.text                                                                                                                                PCIIDEX.SYS!AtaPortTraceNotification + C1                                                        80784D65 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortTraceNotification + 1A4                                                      80784E48 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortTraceNotification + 1EB                                                      80784E8F 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortGetScatterGatherList + 21F                                                    8078511B 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortGetScatterGatherList + 321                                                    8078521D 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortGetScatterGatherList + 3EB                                                    807852E7 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortGetScatterGatherList + 433                                                    8078532F 4 Bytes  JMP 85D21FFC
.text                                                                                                                                PCIIDEX.SYS!AtaPortGetScatterGatherList + 560                                                    8078545C 4 Bytes  JMP 85D21FFC
.text                                                                                                                                iaStor.sys                                                                                      88C0BC5E 4 Bytes  JMP 86F2F42C
.text                                                                                                                                iaStor.sys                                                                                      88C0BD38 4 Bytes  JMP 86F2F42C
.text                                                                                                                                iaStor.sys                                                                                      88C0C694 4 Bytes  JMP 86F48114
.text                                                                                                                                iaStor.sys                                                                                      88C0C9AB 4 Bytes  JMP 86F48114
.text                                                                                                                                iaStor.sys                                                                                      88C2ECFE 4 Bytes  JMP 86F2F42C
.text                                                                                                                                ...                                                                                             
.text                                                                                                                                ataport.SYS!DllInitialize                                                                        88CDA09B 4 Bytes  JMP 86EACAAC
.text                                                                                                                                ataport.SYS!DllInitialize                                                                        88CDAFC0 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!DllInitialize                                                                        88CDB260 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortTraceNotification + C1                                                        88CDCDC7 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortTraceNotification + 1A4                                                      88CDCEAA 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortTraceNotification + 1EB                                                      88CDCEF1 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortGetScatterGatherList + 21F                                                    88CDD20F 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortGetScatterGatherList + 321                                                    88CDD311 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortGetScatterGatherList + 3EB                                                    88CDD3DB 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortGetScatterGatherList + 433                                                    88CDD423 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortGetScatterGatherList + 560                                                    88CDD550 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ...                                                                                             
.text                                                                                                                                ataport.SYS!AtaPortInitialize + 89B                                                              88CDE357 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortInitialize + 2C49                                                            88CE0705 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortInitialize + 31A7                                                            88CE0C63 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortInitialize + 36F9                                                            88CE11B5 4 Bytes  JMP 86EEB72C
.text                                                                                                                                ataport.SYS!AtaPortInitialize + 3A84                                                            88CE1540 4 Bytes  JMP 86EACAAC
.text                                                                                                                                CLASSPNP.SYS!ClassReleaseRemoveLock + 37C8                                                      893A17EE 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassResetMediaChangeTimer + 936                                                    893A24E3 4 Bytes  JMP 856A7114
.text                                                                                                                                CLASSPNP.SYS!ClassResetMediaChangeTimer + D08                                                    893A28B5 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassResetMediaChangeTimer + E33                                                    893A29E0 4 Bytes  JMP 86F6E14C
.text                                                                                                                                CLASSPNP.SYS!ClassResetMediaChangeTimer + EBC                                                    893A2A69 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassCompleteRequest + D                                                            893A2D5B 4 Bytes  JMP 86F9B564
.text                                                                                                                                CLASSPNP.SYS!ClassDeviceControl + 2D6                                                            893A31FF 4 Bytes  JMP 86F9B564
.text                                                                                                                                CLASSPNP.SYS!ClassDeviceControl + 71E                                                            893A3647 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassDeviceControl + CA1                                                            893A3BCA 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassSignalCompletion + 69                                                          893A3D52 4 Bytes  JMP 856A7114
.text                                                                                                                                CLASSPNP.SYS!ClassSendSrbSynchronous + 1E7                                                      893A41BF 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassIoComplete + 2D4                                                              893A4698 4 Bytes  JMP 856A7114
.text                                                                                                                                CLASSPNP.SYS!ClassReleaseQueue + 10C                                                            893A638C 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassSendIrpSynchronous + 3A                                                        893A66DF 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassNotifyFailurePredicted + 27D                                                  893A82C3 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassNotifyFailurePredicted + 30F                                                  893A8355 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassInternalIoControl + 87                                                        893A88C5 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassReleaseChildLock + 1B5                                                        893A8B33 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassReleaseChildLock + 30E                                                        893A8C8C 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassSendStartUnit + CB                                                            893A8FDD 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassSendSrbAsynchronous + 140                                                      893A91BA 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassWmiFireEvent + 27D                                                            893A944C 4 Bytes  JMP 86F9B564
.text                                                                                                                                CLASSPNP.SYS!ClassWmiFireEvent + 826                                                            893A99F5 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassWmiFireEvent + 906                                                            893A9AD5 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassWmiFireEvent + DCD                                                            893A9F9C 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassWmiFireEvent + 1257                                                            893AA426 4 Bytes  JMP 86EBA804
.text                                                                                                                                ...                                                                                             
.text                                                                                                                                CLASSPNP.SYS!ClassIoCompleteAssociated + 29B                                                    893ABD68 4 Bytes  JMP 856A7114
.text                                                                                                                                CLASSPNP.SYS!ClassDebugPrint + 1365                                                              893AD1DC 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassDebugPrint + 13FB                                                              893AD272 4 Bytes  JMP 86EBA804
.text                                                                                                                                CLASSPNP.SYS!ClassDebugPrint + 145D                                                              893AD2D4 4 Bytes  JMP 86F9B564
.text                                                                                                                                CLASSPNP.SYS!ClassDebugPrint + 1506                                                              893AD37D 4 Bytes  JMP 86F9B564
.text                                                                                                                                CLASSPNP.SYS!ClassDebugPrint + 1572                                                              893AD3E9 4 Bytes  JMP 86F9B564
.text                                                                                                                                ...                                                                                             
.text                                                                                                                                storport.sys!StorPortExtendedFunction                                                            8DBA1043 4 Bytes  JMP 86F9E60C
.text                                                                                                                                storport.sys!StorPortMoveMemory + 5F                                                            8DBA1A4F 4 Bytes  JMP 86F3CADC
.text                                                                                                                                storport.sys!DllInitialize + 17D7                                                                8DBA3E9E 4 Bytes  JMP 86F3CADC
.text                                                                                                                                storport.sys!DllInitialize + 27C1                                                                8DBA4E88 4 Bytes  JMP 86F3CADC
.text                                                                                                                                storport.sys!StorPortExtendedFunction + 29C7                                                    8DBAEA83 4 Bytes  JMP 86F3CADC
.text                                                                                                                                storport.sys!StorPortExtendedFunction + 2C20                                                    8DBAECDC 4 Bytes  JMP 86F3CADC
.text                                                                                                                                storport.sys!StorPortExtendedFunction + 2CE7                                                    8DBAEDA3 4 Bytes  JMP 86F3CADC
.text                                                                                                                                C:\Windows\system32\drivers\hardlock.sys                                                        section is writeable [0xA360B400, 0x6E292, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA3695420]  C:\Windows\system32\drivers\hardlock.sys                                                        entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA3695420]
.protectÿÿÿÿhardlockunknown last code section [0xA3695200, 0x511A, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                        unknown last code section [0xA3695200, 0x511A, 0xE0000020]
?                                                                                                                                    system32\drivers\99111928.sys                                                                    Das System kann den angegebenen Pfad nicht finden. !
?                                                                                                                                    C:\Windows\system32\Drivers\PROCEXP113.SYS                                                      Das System kann die angegebene Datei nicht finden. !
?                                                                                                                                    C:\Users\Gini\AppData\Local\Temp\catchme.sys                                                    Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT                                                                                                                                  \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject]                            [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT                                                                                                                                  \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject]                            [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT                                                                                                                                  \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                          [893C7D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\tdx \Device\Tcp                                                                          tcpipBM.sys

Device                                                                                                                                \Driver\20499141 \Device\KLMD14092011_206080                                                    99111928.sys
Device                                                                                                                                \Driver\BTHUSB \Device\0000007a                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device                                                                                                                                \Driver\BTHUSB \Device\0000007c                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg                                                                                                                                  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e47c73                     
Reg                                                                                                                                  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e47c73@9021559659cd        0xD3 0x3F 0x57 0x4A ...
Reg                                                                                                                                  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e47c73 (not active ControlSet) 
Reg                                                                                                                                  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37e47c73@9021559659cd            0xD3 0x3F 0x57 0x4A ...

---- EOF - GMER 1.0.15 ----

--- --- ---



The rest is coming "soon" ;)

ginimo 21.12.2011 23:02

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:01:21 on 21.12.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TSSMPM" - "Teleca Sweden AB" - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"as6eio" (as6eio) - ? - C:\Windows\System32\drivers\as6eio.sys  (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\Gini\AppData\Local\Temp\catchme.sys  (File not found)
"cdrblock" (cdrblock) - "Canopus Co,. Ltd." - C:\Windows\System32\DRIVERS\cdrblock.sys
"ICatch (VI) PC Camera" (CA561) - ? - C:\Windows\System32\Drivers\SPCA561.SYS  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxldqpod" (kxldqpod) - ? - C:\Users\Gini\AppData\Local\Temp\kxldqpod.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"Trust Flat Scan USB 19200" (GT680x) - "  " - C:\Windows\System32\Drivers\Tr11691g.SYS

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\Windows\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"MCtlSvc.lnk" - "ZTE" - C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Mobile Connectivity Suite" - "Teleca Sweden AB" - "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

ginimo 22.12.2011 00:22

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"

cosinus 22.12.2011 13:42

We should fix the MBR. Just in case, back up ALL important data, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.

After backing up your data, start aswmbr again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.

ginimo 23.12.2011 02:02

I hope what I'm posting here is the right thing :crazy:

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 15:12:53
-----------------------------
15:12:53.170 OS Version: Windows 6.0.6002 Service Pack 2
15:12:53.171 Number of processors: 2 586 0x1706
15:12:53.172 ComputerName: GINI-PC UserName: Gini
15:12:54.234 Initialize success
15:12:58.873 AVAST engine defs: 11122102
15:13:17.139 Verifying
15:13:27.173 Disk 0 Windows 600 MBR fixed successfully
01:39:38.942 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
01:39:38.994 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 01:57:00
-----------------------------
01:57:00.324 OS Version: Windows 6.0.6002 Service Pack 2
01:57:00.324 Number of processors: 2 586 0x1706
01:57:00.325 ComputerName: GINI-PC UserName: Gini
01:57:41.360 Initialize success
02:00:24.491 AVAST engine defs: 11122201
02:00:38.241 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"

cosinus 23.12.2011 17:19

You should also make a new log after the fix.

ginimo 25.12.2011 01:19

I'm confused.
After I had restarted, I clicked "save log"... or should I run a new scan straight away?

cosinus 25.12.2011 23:41

Of course that means a new scan... the MBR should hopefully have changed significantly for the better, and logically that then has to be rescanned completely.

ginimo 26.12.2011 01:24

No reason to get so snippy right away. There are people who don't deal with this every day. And asking questions is surely still allowed!

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:03:55.038 OS Version: Windows 6.0.6002 Service Pack 2
23:03:55.038 Number of processors: 2 586 0x1706
23:03:55.039 ComputerName: GINI-PC UserName: Gini
23:03:56.728 Initialize success
23:05:35.112 AVAST engine defs: 11122102
23:06:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:06:40.050 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
23:06:42.560 Disk 0 MBR read successfully
23:06:42.563 Disk 0 MBR scan
23:06:42.581 Disk 0 unknown MBR code
23:06:42.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
23:06:42.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
23:06:43.078 Disk 0 scanning sectors +488392065
23:06:43.553 Disk 0 scanning C:\Windows\system32\drivers
23:08:22.479 Service scanning
23:08:24.434 Modules scanning
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
23:10:35.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86974478]
23:10:36.571 AVAST engine scan C:\Windows
23:12:56.579 AVAST engine scan C:\Windows\system32
23:21:55.110 AVAST engine scan C:\Windows\system32\drivers
23:22:48.500 AVAST engine scan C:\Users\Gini
23:59:13.280 AVAST engine scan C:\ProgramData
00:20:34.722 Scan finished successfully
00:20:55.299 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
00:20:55.316 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 15:12:53
-----------------------------
15:12:53.170 OS Version: Windows 6.0.6002 Service Pack 2
15:12:53.171 Number of processors: 2 586 0x1706
15:12:53.172 ComputerName: GINI-PC UserName: Gini
15:12:54.234 Initialize success
15:12:58.873 AVAST engine defs: 11122102
15:13:17.139 Verifying
15:13:27.173 Disk 0 Windows 600 MBR fixed successfully
01:39:38.942 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
01:39:38.994 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 01:57:00
-----------------------------
01:57:00.324 OS Version: Windows 6.0.6002 Service Pack 2
01:57:00.324 Number of processors: 2 586 0x1706
01:57:00.325 ComputerName: GINI-PC UserName: Gini
01:57:41.360 Initialize success
02:00:24.491 AVAST engine defs: 11122201
02:00:38.241 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-26 00:19:32
-----------------------------
00:19:32.445 OS Version: Windows 6.0.6002 Service Pack 2
00:19:32.446 Number of processors: 2 586 0x1706
00:19:32.447 ComputerName: GINI-PC UserName: Gini
00:19:36.508 Initialize success
00:19:48.691 AVAST engine defs: 11122501
00:20:01.819 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-26 00:19:32
-----------------------------
00:19:32.445 OS Version: Windows 6.0.6002 Service Pack 2
00:19:32.446 Number of processors: 2 586 0x1706
00:19:32.447 ComputerName: GINI-PC UserName: Gini
00:19:36.508 Initialize success
00:19:48.691 AVAST engine defs: 11122501
00:20:01.819 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
00:20:20.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:20:20.543 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
00:20:20.549 Disk 0 MBR read successfully
00:20:20.551 Disk 0 MBR scan
00:20:20.599 Disk 0 Windows VISTA default MBR code
00:20:20.602 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226510 MB offset 63
00:20:20.634 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 463892940
00:20:20.653 Disk 0 scanning sectors +488392065
00:20:20.757 Disk 0 scanning C:\Windows\system32\drivers
00:20:48.515 Service scanning
00:20:50.882 Modules scanning
00:21:18.588 Disk 0 trace - called modules:
00:21:18.650 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:21:18.655 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86961288]
00:21:18.659 3 CLASSPNP.SYS[893a48b3] -> nt!IofCallDriver -> [0x85e17798]
00:21:18.664 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85e1d030]
00:21:20.477 AVAST engine scan C:\Windows
00:21:33.300 AVAST engine scan C:\Windows\system32
00:24:33.475 File: C:\Windows\system32\perfh007.dat **SUSPICIOUS**
00:25:59.641 AVAST engine scan C:\Windows\system32\drivers
00:26:26.653 AVAST engine scan C:\Users\Gini
00:37:14.369 AVAST engine scan C:\ProgramData
00:39:57.321 Scan finished successfully
01:20:49.131 Disk 0 MBR has been saved successfully to "C:\Users\Gini\Desktop\MBR.dat"
01:20:49.145 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"
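
An added example (not part of the thread and not an AVAST tool) of the before/after check at issue here: aswMBR.txt accumulates one section per program start, so a section that only saved the log after the fix says nothing about the MBR, and only a later completed scan does. The function names and verdict strings are assumptions of this example, as is treating `>>UNKNOWN [...]<<` in the disk trace as a flag; the sample lines are copied from the log above and abbreviated.

```python
import re

# Lines copied from the aswMBR.txt posted in this thread, abbreviated to the
# lines the check needs. The file accumulates one section per program start.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:03:55
-----------------------------
23:06:42.581 Disk 0 unknown MBR code
23:10:35.410 Disk 0 trace - called modules:
23:10:35.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86eba6f8]<<
00:20:34.722 Scan finished successfully

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 15:12:53
-----------------------------
15:13:17.139 Verifying
15:13:27.173 Disk 0 Windows 600 MBR fixed successfully

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 01:57:00
-----------------------------
01:57:41.360 Initialize success
02:00:38.241 The log file has been saved successfully to "C:\Users\Gini\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-26 00:19:32
-----------------------------
00:20:20.599 Disk 0 Windows VISTA default MBR code
00:21:18.588 Disk 0 trace - called modules:
00:21:18.650 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:24:33.475 File: C:\Windows\system32\perfh007.dat **SUSPICIOUS**
00:39:57.321 Scan finished successfully
"""

RUN_DATE = re.compile(r"^Run date: (\S+ \S+)$")
ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
MBR_CODE = re.compile(r"^Disk \d+ (.+) MBR code$")
MBR_FIXED = re.compile(r"^Disk \d+ .*MBR fixed successfully$")
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
SUSPICIOUS = re.compile(r"^File: (.+) \*\*SUSPICIOUS\*\*$")


def parse_runs(text):
    """Split an accumulated aswMBR.txt into one record per 'Run date:' section."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        header = RUN_DATE.match(line)
        if header:
            runs.append({"run_date": header.group(1), "mbr_code": None,
                         "fixed": False, "scan_finished": False,
                         "unknown_modules": [], "suspicious_files": []})
            continue
        entry = ENTRY.match(line)
        if not entry or not runs:
            continue  # banner, separator or blank line
        msg, run = entry.group(1), runs[-1]
        code = MBR_CODE.match(msg)
        if code:
            run["mbr_code"] = code.group(1)
        elif MBR_FIXED.match(msg):
            run["fixed"] = True
        elif msg == "Scan finished successfully":
            run["scan_finished"] = True
        else:
            # Unresolved module addresses in the "called modules" trace
            run["unknown_modules"] += UNKNOWN_MODULE.findall(msg)
            hit = SUSPICIOUS.match(msg)
            if hit:
                run["suspicious_files"].append(hit.group(1))
    return runs


def verdict_after_fix(runs):
    """Judge the MBR only from a completed scan that ran after the last fix."""
    fix_at = max((i for i, r in enumerate(runs) if r["fixed"]), default=None)
    if fix_at is None:
        return "no fix recorded"
    rescans = [r for r in runs[fix_at + 1:]
               if r["scan_finished"] and r["mbr_code"]]
    if not rescans:
        return "rescan required"  # e.g. only "save log" was clicked
    latest = rescans[-1]
    if latest["mbr_code"].lower().startswith("unknown") or latest["unknown_modules"]:
        return "mbr still flagged"
    return "mbr ok"


if __name__ == "__main__":
    all_runs = parse_runs(SAMPLE_LOG)
    for r in all_runs:
        print(r["run_date"], r["mbr_code"], r["unknown_modules"], r["suspicious_files"])
    print("state on 2011-12-23:", verdict_after_fix(all_runs[:3]))
    print("state on 2011-12-26:", verdict_after_fix(all_runs))
```

Files marked `**SUSPICIOUS**` are collected per run but do not influence the MBR verdict; they need their own review.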

cosinus 26.12.2011 01:36

Quote:

No reason to get so snippy right away. There are people who don't deal with this every day. And asking questions is surely still allowed!
It is simply a mystery to me where you think I'm being snippy here. Had too much Christmas stress lately? Get rid of the stress first, then get back to me before I give an answer on how to proceed....

ginimo 26.12.2011 02:14

"Of course" and "logically" suggest as much. But if that's not the case, all the better.
No, I'm not stressed out by Christmas, it went pretty chilled!
Can we get back to the essentials?

cosinus 26.12.2011 03:55

Quote:

Can we get back to the essentials?
Well, you were the first one to head off onto the side track here. So don't act as if I were the one who has to get back. So far my instructions have been understandable to everyone as far as this sentence after the fix with aswMBR is concerned => Then restart Windows and make a new log with aswMBR.

Quote:

00:20:20.599 Disk 0 Windows VISTA default MBR code
But all right, the MBR is OK now, that's something at least :pfeiff:

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


ginimo 28.12.2011 09:58

Should I also delete whatever is found right away? :confused:

cosinus 28.12.2011 16:57

No, for now just post the log!

See => Make sure that Remove Found Threats is not ticked.

ginimo 28.12.2011 23:19

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122704

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170

28.12.2011 23:15:23
mbam-log-2011-12-28 (23-15-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 362096
Laufzeit: 1 Stunde(n), 45 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\_OTL\movedfiles\12212011_203844\C_Users\Gini\AppData\Roaming\microsoft\dllhsts.exe (Trojan.FakeFF) -> No action taken.







SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/28/2011 at 01:51 AM

Application Version : 5.0.1142

Core Rules Database Version : 8088
Trace Rules Database Version: 5900

Scan type : Quick Scan
Total Scan Time : 00:07:28

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 873
Memory threats detected : 0
Registry items scanned : 30566
Registry threats detected : 0
File items scanned : 8148
File threats detected : 447

Adware.Tracking Cookie
www.trafficmaxx.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
s1.trafficmaxx.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.trafficmaxx.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.belstat.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.gostats.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.aim4media.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ad.velmedia.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ad.velmedia.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
server.adformdsp.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adformdsp.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tto2.traffictrack.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
tradefx.advertserve.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.longporntube.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.longporntube.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
go.trafficshop.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
go.trafficshop.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
go.trafficshop.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
go.trafficshop.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.dyntracker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.toplist.cz [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
m1.webstats.motigo.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webstats4u.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.wegotmedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.wegotmedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.xm.xtendmedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.aim4media.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
adserver.mitfahrzentrale.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
tracking.mlsat02.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RME4OOAK.DEFAULT\COOKIES.SQLITE ]






ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 06:36:02
# local_time=2011-12-20 07:36:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 210175 99302694 261635 0
# compatibility_mode=5892 16776573 100 100 8528 161938858 0 0
# compatibility_mode=8192 67108863 100 0 8282 8282 0 0
# scanned=1155
# found=0
# cleaned=0
# scan_time=32
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 08:25:07
# local_time=2011-12-20 09:25:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 210325 99302844 261785 0
# compatibility_mode=5892 16776573 100 100 8678 161939008 0 0
# compatibility_mode=8192 67108863 100 0 8432 8432 0 0
# scanned=204839
# found=5
# cleaned=0
# scan_time=6427
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-279336f9 a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\63b90e34-30b6a901 Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-5e8d1d63 a variant of Java/Agent.DT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\ccc963b-15ddf887 probably a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 02:55:14
# local_time=2011-12-28 03:55:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 837933 99930452 308920 0
# compatibility_mode=5892 16776573 100 100 12753 162566616 0 0
# compatibility_mode=8192 67108863 100 0 636040 636040 0 0
# scanned=204861
# found=3
# cleaned=0
# scan_time=7025
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\Downloads\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12212011_203844\C_Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 29.12.2011 00:09

Only remnants and cookies. Is the computer back in order so far?
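
An added example, not part of the thread: a small parser for the cumulative ESET `log.txt` shown above that compares the completed scans and labels what is left, which is the reading behind "only remnants". The function names are hypothetical, and the `_OTL\MovedFiles\<timestamp>\<drive>_<path>` layout is an assumption read off the paths in this log.

```python
import re

# Abridged from the ESET log.txt posted above: same values, fewer header keys.
SAMPLE_LOG = r"""
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=stopped
# utc_time=2011-12-20 06:36:02
# scanned=1155
# found=0
# version=7
# end=finished
# utc_time=2011-12-20 08:25:07
# scanned=204839
# found=5
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-279336f9 a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\63b90e34-30b6a901 Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-5e8d1d63 a variant of Java/Agent.DT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\ccc963b-15ddf887 probably a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# end=finished
# utc_time=2011-12-28 02:55:14
# scanned=204861
# found=3
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\Downloads\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12212011_203844\C_Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# <path> <threat name> <kind> (<result>) <hash> <flag>; the path may contain
# spaces, so the threat name is recognised by its "Platform/Name" token.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?\w+/\S+) "
    r"(?P<kind>\w+) \((?P<result>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]+) (?P<flag>\S+)$"
)
# Assumed layout: <drive>:\_OTL\MovedFiles\<timestamp>\<drive>_<original path>
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\_OTL\\MovedFiles\\[^\\]+\\([A-Za-z])_(.+)$")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_runs(text):
    """Split a cumulative log into runs; each '# version=' line starts one."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            if header["key"] == "version":
                runs.append({"header": {}, "detections": []})
            if runs:
                runs[-1]["header"][header["key"]] = header["value"]
        elif runs:
            hit = DETECTION_RE.match(line)
            if hit:
                runs[-1]["detections"].append(hit.groupdict())
    return runs


def original_path(path):
    """Map an OTL MovedFiles path back to where the file used to live."""
    m = QUARANTINE_RE.match(path)
    return f"{m.group(1)}:\\{m.group(2)}" if m else None


def classify(path):
    if original_path(path):
        return "quarantine"
    if JAVA_CACHE in path.lower():
        return "java-cache"
    return "on-disk"


def triage(text):
    """Compare the latest completed scan with earlier ones and label what is left."""
    # A stopped scan covers only part of the disk, so its found=0 proves nothing.
    done = [r for r in parse_runs(text) if r["header"].get("end") == "finished"]
    if not done:
        raise ValueError("no completed scan in log")
    latest = done[-1]
    before = {d["path"].lower() for r in done[:-1] for d in r["detections"]}
    now = {d["path"].lower() for d in latest["detections"]}
    items = []
    for d in latest["detections"]:
        src = original_path(d["path"])
        items.append({
            "threat": d["threat"],
            "kind": d["kind"],
            "where": classify(d["path"]),
            # True when this quarantined copy was a live detection earlier.
            "was_live_before": bool(src) and src.lower() in before,
        })
    return {
        "scan_time_utc": latest["header"].get("utc_time"),
        "count_matches_header": int(latest["header"].get("found", -1)) == len(items),
        "gone_since_earlier_scans": sorted(before - now),
        "items": items,
        "live_trojans": [i for i in items
                         if i["kind"] == "trojan" and i["where"] != "quarantine"],
    }
```
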

ginimo 29.12.2011 11:26

Yep, it's running tip-top so far. I don't need to delete the infected file that is found via Malware?

cosinus 29.12.2011 16:22

Yes, it can go. As far as I'm concerned you can also delete C:\_OTL, OTL's quarantine folder.

Then we'd be done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages doing that.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide to that is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, you should also change all passwords, if possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Updating the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

ginimo 30.12.2011 19:57

Great, that settles all my questions!
Thank you very much and I wish you a happy New Year! :dankeschoen:


All times are WET +1. The time is now 05:11.

Copyright ©2000-2025, Trojaner-Board

