Trojaner-Board


Tanea 12.02.2012 14:12

Windows locked

Hello,

I stupidly caught this "Windows wurde zu ihrer Sicherheit gesperrt" ("Windows has been locked for your security") trojan as well. The computer can now only be used in Safe Mode, but the Internet doesn't work there.
Right now I'm running AntiVir over it, but more out of desperation because I can't download any other program.

What can I do?
Regards,
Tanea

cosinus 12.02.2012 15:52

Does Safe Mode with Networking still work?

Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key during startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

Tanea 12.02.2012 16:06

Yes, that still works; I'm actually writing from that PC right now

cosinus 12.02.2012 16:12

Well, if that mode works, you'll be able to try MBAM/ESET first:

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Tanea 12.02.2012 19:24

Hello,

Okay, thank you.

Here are the logs:


Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.12.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19170
LFZL :: LFZL-LAPTOP [Administrator]

Schutz: Deaktiviert

12.02.2012 16:12:14
mbam-log-2012-02-12 (16-12-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311251
Laufzeit: 45 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Malware.Trace) -> Daten: explorer.exe,C:\Users\LFZL\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\LFZL\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=547cea251869394d841a40d510a00154
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 05:25:32
# local_time=2012-02-12 06:25:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 117755 103959575 193155 0
# compatibility_mode=5892 16776573 100 100 13051 166595783 0 0
# compatibility_mode=8192 67108863 100 0 3785 3785 0 0
# scanned=145447
# found=2
# cleaned=0
# scan_time=4520
C:\Users\LFZL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5T9L6BUI\channel-reward-central_com[1].htm        HTML/Fraud.BG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\LFZL\Downloads\SoftonicDownloader_fuer_cdrtfe.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 12.02.2012 20:03

Quote:

C:\Users\LFZL\Downloads\SoftonicDownloader_fuer_cdrtfe.exe
Stay away from Softonic!!

Softonic is a toolbar and adware slinger! Stay away! Software should be downloaded, as top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency chip.de would of course do


Does normal mode work again without being blocked?

Tanea 12.02.2012 20:19

Okay, should I uninstall it right away or later?

Unfortunately normal mode still doesn't work ;-(

cosinus 12.02.2012 20:50

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Tanea 12.02.2012 21:09

Here is the log:

Code:

OTL logfile created on: 12.02.2012 20:55:19 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\LFZL\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 77,57% Memory free
4,14 Gb Paging File | 3,86 Gb Available in Paging File | 93,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 58,56 Gb Free Space | 52,38% Space Free | Partition Type: NTFS
 
Computer Name: LFZL-LAPTOP | User Name: LFZL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.12 20:53:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\LFZL\Downloads\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.29 04:00:34 | 000,047,032 | ---- | M] () -- C:\Programme\OpenAFS\Client\Program\afs_shl_ext_1032.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.01 09:04:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.02 09:10:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.29 03:55:18 | 000,672,184 | ---- | M] (OpenAFS Project) [Auto | Stopped] -- C:\Programme\OpenAFS\Client\Program\afsd_service.exe -- (TransarcAFSDaemon)
SRV - [2009.11.09 12:46:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.22 16:27:54 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_60b78c9b\stacsv.exe -- (STacSV)
SRV - [2008.09.17 11:03:16 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_60b78c9b\AEstSrv.exe -- (AESTFilters)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.07.10 19:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.07.10 19:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.06.11 10:39:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Programme\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.01 09:04:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 09:04:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.10 21:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.22 16:28:54 | 000,389,632 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.06.30 11:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.06.26 05:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.06.04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008.01.21 03:32:46 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://klips.uni-koeln.de/"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.12 00:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.05 09:19:19 | 000,000,000 | ---D | M]
 
[2009.08.27 21:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LFZL\AppData\Roaming\mozilla\Extensions
[2012.01.25 16:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions
[2011.09.06 21:39:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 16:54:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.05 09:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.30 09:06:23 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.05.19 16:53:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.02.12 00:18:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 00:18:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 00:18:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 00:18:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 00:18:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 00:18:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 00:18:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\LFZL\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Linkury Smartbar = C:\Users\LFZL\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Linkury Smartbar = C:\Users\LFZL\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\Redirect
 
O1 HOSTS File: ([2011.04.14 16:40:16 | 000,000,781 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 10.254.254.253        AFS
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [ffdwnd] C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury)
O4 - Startup: C:\Users\LFZL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\LFZL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129162E6-D6A7-4066-B90D-D688848B5347}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51095014-818F-42D7-9BA0-BC49B3EBFF75}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AfsLogon: DllName - (C:\Program Files\OpenAFS\Client\Program\afslogon.dll) - C:\Programme\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\open\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\explore\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\open\command - "" = E:\.\svira/svira32.exe
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {07DC65EA-BD67-2129-FABC-5752F1D61F88} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 17:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.12 16:10:53 | 000,000,000 | ---D | C] -- C:\Users\LFZL\AppData\Roaming\Malwarebytes
[2012.02.12 16:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.12 16:10:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.12 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.12 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.10 18:55:19 | 000,000,000 | ---D | C] -- C:\Users\LFZL\Desktop\Publikation
[2012.02.10 11:01:20 | 000,000,000 | ---D | C] -- C:\Users\LFZL\AppData\Local\Microsoft Games
[2012.02.10 10:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.02.02 17:21:38 | 000,000,000 | ---D | C] -- C:\Users\LFZL\Desktop\0_VortragKöln
[2012.02.01 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\LFZL\Desktop\Lea
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 20:07:11 | 000,622,294 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.12 20:07:11 | 000,590,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.12 20:07:11 | 000,124,794 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.12 20:07:11 | 000,102,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.12 20:02:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 20:00:24 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 20:00:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 19:55:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 19:55:51 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2012.02.12 17:25:42 | 000,000,680 | ---- | M] () -- C:\Users\LFZL\AppData\Local\d3d9caps.dat
[2012.02.12 16:10:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.12 13:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 
========== Files Created - No Company Name ==========
 
[2012.02.12 16:10:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.31 15:57:11 | 000,193,864 | ---- | C] () -- C:\Users\LFZL\Desktop\brief_aspla_wentzlaff.ott
[2010.05.19 16:54:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.23 09:15:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.23 09:15:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.03 09:42:20 | 000,039,424 | ---- | C] () -- C:\Users\LFZL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.28 02:25:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.27 22:25:49 | 000,622,294 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.08.27 22:25:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.08.27 22:25:49 | 000,124,794 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.08.27 22:25:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.08.27 17:40:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.27 17:40:21 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.08.27 17:40:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009.08.27 17:40:20 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.08.27 17:40:20 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.08.27 15:32:49 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2009.08.27 15:02:25 | 000,000,680 | ---- | C] () -- C:\Users\LFZL\AppData\Local\d3d9caps.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 002,427,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,590,710 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,102,584 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.30 11:58:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006.06.30 11:58:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
 
========== LOP Check ==========
 
[2010.06.30 11:32:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Academic Software Zurich
[2011.08.10 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Canneverbe Limited
[2012.02.12 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Dropbox
[2011.11.23 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\FinalTorrent
[2011.08.10 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenCandy
[2009.08.27 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenOffice.org
[2012.02.12 19:55:51 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
[2012.02.12 20:00:15 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.30 11:32:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Academic Software Zurich
[2011.11.23 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Adobe
[2010.03.29 14:06:50 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Avira
[2011.08.10 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Canneverbe Limited
[2012.02.12 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Dropbox
[2012.02.02 17:47:40 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\dvdcss
[2011.11.23 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\FinalTorrent
[2009.08.27 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Identities
[2009.08.27 15:29:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\InstallShield
[2009.11.09 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Macromedia
[2012.02.12 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Malwarebytes
[2012.01.24 14:38:14 | 000,000,000 | --SD | M] -- C:\Users\LFZL\AppData\Roaming\Microsoft
[2009.08.27 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Mozilla
[2011.08.10 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenCandy
[2009.08.27 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenOffice.org
[2012.02.12 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Skype
[2012.02.12 09:09:53 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\skypePM
[2012.02.07 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\vlc
[2010.08.04 14:17:50 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\VMware
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.08.27 15:26:20 | 000,010,134 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
[2009.08.27 15:26:20 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
[2009.08.27 15:32:09 | 000,365,322 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{8B1F8092-9D84-459B-88EA-0BE882AC915E}\ARPPRODUCTICON.exe
[2009.08.27 15:31:44 | 000,365,322 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
[2009.08.27 15:32:36 | 000,011,758 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}\ARPPRODUCTICON.exe
[2011.08.10 14:54:56 | 000,416,160 | ---- | M] () -- C:\Users\LFZL\AppData\Roaming\OpenCandy\OpenCandy_E52FE0337CBE47C3B9FF25781E8C2B49\LatestDLMgr.exe
[2011.08.10 14:55:02 | 004,226,064 | ---- | M] () -- C:\Users\LFZL\AppData\Roaming\OpenCandy\OpenCandy_E52FE0337CBE47C3B9FF25781E8C2B49\LinkuryInstaller_p1v4.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_bdffb04d\atapi.sys
[2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22130_none_dda155213abfc239\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_fbc3e716\atapi.sys
[2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20786_none_db8b089b3dbc5507\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


Code:

OTL Extras logfile created on: 12.02.2012 20:55:19 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\LFZL\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 77,57% Memory free
4,14 Gb Paging File | 3,86 Gb Available in Paging File | 93,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 58,56 Gb Free Space | 52,38% Space Free | Partition Type: NTFS
 
Computer Name: LFZL-LAPTOP | User Name: LFZL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45785C2A-2769-4512-BE4E-DFFD3520C6DB}" = lport=445 | protocol=6 | dir=in | app=system |
"{63D02505-2DA9-4BDD-80BA-F161986EDE1D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6AC3C9FC-FEDD-47BA-A274-56F4950F12F0}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{70E7A0EB-EC53-4445-B5FA-A6B38483B6A8}" = lport=7001 | protocol=17 | dir=in | name=afs cachemanager callback (udp) |
"{97079D10-AEEC-4AFA-B0F0-55C11B47033A}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{AE9DB63E-BA22-4D95-B1DE-8956A2A37C12}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{CFDF89E7-9830-4255-8491-8B14041C6493}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F7224F87-14DE-4C22-9262-DC08F901045D}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1671DC77-6B81-44A3-ABA3-6CFDAB9B09F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1CE4AD11-590F-4841-8025-F64968DCC94A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{31B22A7F-56BB-4C21-9DA6-FC6AEC9CDCD5}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4AC55D5F-2704-417B-B772-0E8E88FDC29C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50981C21-54B8-457B-9957-80425D9F1A06}" = protocol=6 | dir=in | app=c:\users\lfzl\appdata\roaming\dropbox\bin\dropbox.exe |
"{60992E2C-E621-452C-8628-DCDAF596979C}" = dir=in | app=c:\program files\finaltorrent\ftcheckforupdates.exe |
"{7CE74BD0-C758-47C2-B3B7-10D1A02F1C13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A543FA9B-D796-4F58-A841-4DDCE24555EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AB719860-3250-4677-A60D-1778306CC9B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BABE4012-1301-4E7B-A730-52F39828884A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E14C4BD6-9E04-4D1B-9031-06A2340E164A}" = protocol=17 | dir=in | app=c:\users\lfzl\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9D6EF8F-BD4D-4453-8F57-1E5721693662}" = dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"{FDFE7547-AA58-473C-AE36-DDDACBBF7B7C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"TCP Query User{1DB9EFC5-C315-48A9-8957-5CF0F107E826}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"TCP Query User{26F49EB9-8715-450C-B3A9-46047BAEB1BA}C:\program files\finaltorrent\finaltorrent.exe" = protocol=6 | dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"TCP Query User{CA51EB76-61E7-4C59-A3CF-A1314D000E35}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"TCP Query User{E80F59B2-63B5-4EE0-87DA-ECC62EBCAB60}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0EF94CFF-FDA3-4342-843C-69CBB4B0CE96}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"UDP Query User{1FC2F86C-B784-4C4F-A5B2-AC217B84D4CC}C:\program files\finaltorrent\finaltorrent.exe" = protocol=17 | dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"UDP Query User{B6B9FA1E-3777-4431-B52F-B2DBCDC2A64C}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"UDP Query User{EAE22C10-759C-406A-91C0-AC369736D843}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6865E7FA-9D39-460E-960D-14BACEDAE209}" = Visual Studio 8.0 Retail (Intel) Runtime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96B9274D-2D07-4C5B-A29C-55F3C0D6B342}" = Linkury Smartbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FinalTorrent_is1" = FinalTorrent 2011
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"nxclient_is1" = NX Client for Windows 3.4.0-5
"OpenAFS" = OpenAFS for Windows
"ProInst" = Intel PROSet Wireless
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UklanAdmin V1.6" = UklanAdmin V1.6
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.02.2012 10:55:25 | Computer Name = LFZL-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
 
Error - 12.02.2012 10:57:35 | Computer Name = LFZL-Laptop | Source = EventSystem | ID = 4609
Description =
 
Error - 12.02.2012 10:58:15 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 12.02.2012 12:00:39 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 12.02.2012 12:04:50 | Computer Name = LFZL-Laptop | Source = EventSystem | ID = 4609
Description =
 
Error - 12.02.2012 12:05:02 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 12.02.2012 14:52:10 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 12.02.2012 15:04:07 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 12.02.2012 15:07:26 | Computer Name = LFZL-Laptop | Source = EventSystem | ID = 4609
Description =
 
Error - 12.02.2012 15:56:54 | Computer Name = LFZL-Laptop | Source = System Restore | ID = 8193
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12.02.2012 14:52:16 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 12.02.2012 14:52:16 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 12.02.2012 14:52:16 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.  File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 16.03.2010 19:34:19 | Computer Name = LFZL-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14116
 seconds with 1980 seconds of active time.  This session ended with a crash.
 
Error - 26.11.2010 07:59:04 | Computer Name = LFZL-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 98
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.02.2012 12:05:03 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7001
Description =
 
Error - 12.02.2012 12:05:03 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.02.2012 14:52:10 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.02.2012 14:53:15 | Computer Name = LFZL-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 12.02.2012 15:03:09 | Computer Name = LFZL-Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 12.02.2012 15:04:08 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7001
Description =
 
Error - 12.02.2012 15:04:08 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.02.2012 15:07:16 | Computer Name = LFZL-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 12.02.2012 15:07:26 | Computer Name = LFZL-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 12.02.2012 15:07:31 | Computer Name = LFZL-Laptop | Source = DCOM | ID = 10005
Description =
 
 
< End of report >


cosinus 13.02.2012 10:58

Does normal mode still not work?

Tanea 13.02.2012 11:09

No, I tried it again this morning. Locked immediately.

cosinus 13.02.2012 12:43

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Code:

:OTL
[2011.09.06 21:39:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 16:54:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [ffdwnd] C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\open\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\explore\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\open\command - "" = E:\.\svira/svira32.exe
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be on the safe side, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was written only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
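A triage sketch for the kinds of entries the fix script above targets, added here as an example and not part of the thread or of OTL: it parses O4 Run and O33 MountPoints2 lines, normalizes the odd path spellings, and flags three patterns. The heuristics and the names `triage` and `autorun_targets` are assumptions for illustration and are narrower than the helper's judgment; the Linkury entry, for instance, is not flagged.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample input: lines copied from the fix script in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [ffdwnd] C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury)
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\open\command - "" = E:\.\svira/svira32.exe
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
"""


class Finding(NamedTuple):
    kind: str    # "run" or "mountpoint"
    key: str     # registry location as written in the log
    target: str  # normalized executable path, or the raw text if there is none
    reason: str


RUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<target>.*)$')
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\(?P<subkey>\S+)'
    r' - "" = (?P<value>.*)$')
PUBLISHER_RE = re.compile(r'\s+\([^()]*\)$')        # trailing "(Company)"
EXE_RE = re.compile(r'^(.*?\.exe)\b', re.IGNORECASE)
# Assumed heuristic: autostart from a per-user, user-writable directory.
USER_WRITABLE_RE = re.compile(r'^[A-Za-z]:\\Users\\[^\\]+\\AppData\\',
                              re.IGNORECASE)


def executable(command: str) -> str:
    """Return the normalized .exe path of a command line, or "" if none."""
    m = EXE_RE.match(command.strip())
    # ntpath.normpath folds "/", repeated separators and "\.\" segments,
    # so differently spelled references to one file compare equal.
    return ntpath.normpath(m.group(1)) if m else ""


def triage(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            key = f'{run["hive"]} Run [{run["name"]}]'
            target = PUBLISHER_RE.sub("", run["target"])
            exe = executable(target)
            if not exe:
                findings.append(Finding(
                    "run", key, target, "Run value without a target file"))
            elif USER_WRITABLE_RE.match(exe):
                findings.append(Finding(
                    "run", key, exe,
                    "Run value starts an executable from the user's AppData"))
            continue
        mount = MOUNT_RE.match(line)
        if mount and mount["subkey"].lower().endswith("\\command"):
            exe = executable(mount["value"])
            if exe:
                findings.append(Finding(
                    "mountpoint", mount["guid"], exe,
                    "cached autorun command for a mounted volume"))
    return findings


def autorun_targets(findings: List[Finding]) -> List[str]:
    """Distinct executables referenced by MountPoints2 command entries."""
    return sorted({f.target for f in findings if f.kind == "mountpoint"})


if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f"{f.kind:10} {f.reason}: {f.target}  [{f.key}]")
    print("autorun executables:", autorun_targets(results))
```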

Tanea 13.02.2012 13:42

Code:

All processes killed
========== OTL ==========
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar deleted successfully.
C:\Programme\Linkury\Linkury.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b072f80-300a-11df-8869-0023ae1c1d50}\ not found.
File E:\GORILA///mankisha.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b072f80-300a-11df-8869-0023ae1c1d50}\ not found.
File E:\GORILA///mankisha.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
File E:\svira/svira32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
File E:\svira/svira32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
File E:\.\svira/svira32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LFZL
->Temp folder emptied: 245787609 bytes
->Temporary Internet Files folder emptied: 310444008 bytes
->Java cache emptied: 66210954 bytes
->FireFox cache emptied: 51318746 bytes
->Google Chrome cache emptied: 6445507 bytes
->Flash cache emptied: 11825 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161204409 bytes
RecycleBin emptied: 31376086 bytes
 
Total Files Cleaned = 832,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_133631

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Seems to have helped. I'm back in via normal mode now and so far it works.

cosinus 13.02.2012 13:53

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the image below: click change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Tanea 13.02.2012 14:08

Code:

14:02:46.0772 4148        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
14:02:47.0037 4148        ============================================================
14:02:47.0037 4148        Current date / time: 2012/02/13 14:02:47.0037
14:02:47.0037 4148        SystemInfo:
14:02:47.0037 4148       
14:02:47.0037 4148        OS Version: 6.0.6002 ServicePack: 2.0
14:02:47.0038 4148        Product type: Workstation
14:02:47.0038 4148        ComputerName: LFZL-LAPTOP
14:02:47.0038 4148        UserName: LFZL
14:02:47.0038 4148        Windows directory: C:\Windows
14:02:47.0038 4148        System windows directory: C:\Windows
14:02:47.0038 4148        Processor architecture: Intel x86
14:02:47.0038 4148        Number of processors: 2
14:02:47.0038 4148        Page size: 0x1000
14:02:47.0038 4148        Boot type: Normal boot
14:02:47.0038 4148        ============================================================
14:02:48.0418 4148        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:02:48.0420 4148        \Device\Harddisk0\DR0:
14:02:48.0420 4148        MBR used
14:02:48.0420 4148        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
14:02:48.0444 4148        Initialize success
14:02:48.0444 4148        ============================================================
14:04:21.0941 5160        ============================================================
14:04:21.0941 5160        Scan started
14:04:21.0941 5160        Mode: Manual; SigCheck; TDLFS;
14:04:21.0941 5160        ============================================================
14:04:22.0549 5160        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:04:22.0721 5160        ACPI - ok
14:04:22.0814 5160        adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
14:04:22.0845 5160        adfs - ok
14:04:22.0923 5160        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:04:22.0939 5160        adp94xx - ok
14:04:23.0251 5160        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:04:23.0282 5160        adpahci - ok
14:04:23.0376 5160        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:04:23.0423 5160        adpu160m - ok
14:04:23.0516 5160        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:04:23.0532 5160        adpu320 - ok
14:04:23.0657 5160        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:04:23.0844 5160        AFD - ok
14:04:24.0203 5160        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:04:24.0218 5160        agp440 - ok
14:04:24.0265 5160        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:04:24.0296 5160        aic78xx - ok
14:04:24.0390 5160        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:04:24.0390 5160        aliide - ok
14:04:24.0452 5160        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:04:24.0452 5160        amdagp - ok
14:04:24.0483 5160        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:04:24.0499 5160        amdide - ok
14:04:24.0515 5160        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:04:24.0671 5160        AmdK7 - ok
14:04:24.0858 5160        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:04:24.0905 5160        AmdK8 - ok
14:04:24.0967 5160        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:04:24.0983 5160        arc - ok
14:04:25.0014 5160        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:04:25.0029 5160        arcsas - ok
14:04:25.0123 5160        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:04:25.0185 5160        AsyncMac - ok
14:04:25.0263 5160        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:04:25.0279 5160        atapi - ok
14:04:25.0373 5160        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:04:25.0388 5160        avgio - ok
14:04:25.0451 5160        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:04:25.0482 5160        avgntflt - ok
14:04:25.0513 5160        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:04:25.0529 5160        avipbb - ok
14:04:25.0591 5160        b57nd60x        (6fb43f0dadb3fdc287d080c19666af8d) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:04:25.0716 5160        b57nd60x - ok
14:04:25.0809 5160        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:04:25.0872 5160        Beep - ok
14:04:25.0919 5160        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:04:49.0334 5160        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:04:49.0475 5160        \Device\Harddisk0\DR0 - ok
14:04:49.0475 5160        Boot (0x1200)  (1f1e5f5689d4a83e2ae1b28ab9052f27) \Device\Harddisk0\DR0\Partition0
14:04:49.0475 5160        \Device\Harddisk0\DR0\Partition0 - ok
14:04:49.0475 5160        ============================================================
14:04:49.0475 5160        Scan finished
14:04:49.0475 5160        ============================================================
14:04:49.0490 5456        Detected object count: 0
14:04:49.0490 5456        Actual detected object count: 0

Seems to be okay.

One more observation: when I tried to switch the virus scanner back on earlier, after the OTL fix, I got an error message saying that the Windows host process (Rundll32) had stopped working when I clicked the Windows Security Center icon in the taskbar to do so. I can't reproduce it, though.

cosinus 13.02.2012 14:19

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Tanea 13.02.2012 14:39

okay, done:

Code:

ComboFix 12-02-12.01 - LFZL 13.02.2012  14:29:59.1.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.2002.951 [GMT 1:00]
ausgeführt von:: c:\users\LFZL\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\LFZL\AppData\Local\assembly\tmp
c:\windows\system32\drivers\etc\lmhosts
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 13:35 . 2012-02-13 13:36        --------        d-----w-        c:\users\LFZL\AppData\Local\temp
2012-02-13 13:35 . 2012-02-13 13:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-13 12:36 . 2012-02-13 12:36        --------        d-----w-        C:\_OTL
2012-02-12 16:07 . 2012-02-12 16:07        --------        d-----w-        c:\program files\ESET
2012-02-12 15:10 . 2012-02-12 15:10        --------        d-----w-        c:\users\LFZL\AppData\Roaming\Malwarebytes
2012-02-12 15:10 . 2012-02-12 15:10        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-12 15:10 . 2012-02-12 15:10        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-12 15:10 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-11 23:18 . 2012-02-11 23:18        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-11 23:18 . 2012-02-11 23:18        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-11 23:18 . 2012-02-11 23:18        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-11 23:18 . 2012-02-11 23:18        45016        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll
2012-02-11 10:47 . 2012-02-11 10:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 10:01 . 2012-02-10 23:18        --------        d-----w-        c:\users\LFZL\AppData\Local\Microsoft Games
2012-02-10 09:23 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F03F5E94-D43A-4D41-91BC-34574C706899}\mpengine.dll
2012-01-31 14:56 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-31 14:56 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-31 14:56 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-01-31 14:56 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-31 14:56 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-31 14:56 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-24 15:04 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-24 15:04 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-24 15:04 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-24 15:04 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-24 15:04 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-24 15:04 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-24 15:03 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-24 15:03 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-16 13:55        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-23 13:37 . 2011-12-15 14:19        2043904        ----a-w-        c:\windows\system32\win32k.sys
2012-02-11 23:18 . 2011-12-05 08:19        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\LFZL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\LFZL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\LFZL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-08 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-08 145944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-22 446563]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\LFZL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\LFZL\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AFS Credentials.lnk - c:\program files\OpenAFS\Client\Program\afscreds.exe [2011-3-29 114616]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-8-27 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
2011-03-29 02:55        96184        ----a-w-        c:\program files\OpenAFS\Client\Program\afslogon.dll
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_60b78c9b\aestsrv.exe [2008-09-17 81920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 79634856
*Deregistered* - 79634856
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-13 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-11-23 14:24]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 15:53]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 15:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B7BF8A3-C2D4-4E44-9962-6B5AC4F559E1}: NameServer = 134.95.127.1
FF - ProfilePath - c:\users\LFZL\AppData\Roaming\Mozilla\Firefox\Profiles\ndz5z1ho.default\
FF - prefs.js: browser.startup.homepage - hxxps://klips.uni-koeln.de/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-13 14:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2012-02-13  14:38:21
ComboFix-quarantined-files.txt  2012-02-13 13:38
.
Vor Suchlauf: 11 Verzeichnis(se), 61.223.534.592 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 61.053.681.664 Bytes frei
.
- - End Of File - - DC4162084CF74B537E570BA32D01D73D


cosinus 13.02.2012 15:25

Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work the second time either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Tanea 13.02.2012 23:17

Hello,

sorry that it took so long.

here are the logs:

GMER: (I'm not sure whether it worked, that was so super fast)
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-13 17:02:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS723212L9A362 rev.FCBOC30F
Running: m0p09gbd.exe; Driver: C:\Users\LFZL\AppData\Local\Temp\kwlirpod.sys


---- System - GMER 1.0.15 ----

SSDT  8E82466E                                      ZwCreateSection
SSDT  8E824673                                      ZwSetContextThread
SSDT  8E82460F                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                828BC998 4 Bytes  [6E, 46, 82, 8E]
.text  ntkrnlpa.exe!KeSetEvent + 56D                828BCCF0 4 Bytes  [73, 46, 82, 8E]
.text  ntkrnlpa.exe!KeSetEvent + 621                828BCDA4 4 Bytes  [0F, 46, 82, 8E]
?      C:\Windows\system32\Drivers\PROCEXP113.SYS    Das System kann die angegebene Datei nicht finden. !
?      C:\Users\LFZL\AppData\Local\Temp\catchme.sys  Das System kann die angegebene Datei nicht finden. !

---- EOF - GMER 1.0.15 ----

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:51:31 on 13.02.2012

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FinalTorrent Update Checker.job" - "Bitberry Software" - C:\Program Files\FinalTorrent\FTCheckForUpdates.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS4" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.cpl
"afs_cpa" - "OpenAFS Project" - C:\Program Files\OpenAFS\Client\Program\afs_cpa.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\LFZL\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{DC515C27-6CAC-11D1-BAE7-00C04FD140D2} "AFS Client Shell Extension" - "OpenAFS Project" - C:\Program Files\OpenAFS\Client\Program\afs_shl_ext.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\LFZL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"AFS Credentials.lnk" - "OpenAFS Project" - C:\Program Files\OpenAFS\Client\Program\afscreds.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe_ID0ENQBO" - "Adobe Systems Incorporated" - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"OpenAFSDaemon" - "OpenAFS Project" - C:\Program Files\OpenAFS\Client\Program\afslogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Version Cue CS4" (Adobe Version Cue CS4) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Program Files\Fingerprint Sensor\AtService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate1caf76b6d8e6ba0)" (gupdate1caf76b6d8e6ba0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OpenAFS Client Service" (TransarcAFSDaemon) - "OpenAFS Project" - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AfsLogon" - "OpenAFS Project" - C:\Program Files\OpenAFS\Client\Program\afslogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-13 22:53:43
-----------------------------
22:53:43.255    OS Version: Windows 6.0.6002 Service Pack 2
22:53:43.255    Number of processors: 2 586 0x170A
22:53:43.263    ComputerName: LFZL-LAPTOP  UserName: LFZL
22:53:44.288    Initialize success
22:54:32.836    AVAST engine defs: 12021301
22:58:22.040    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:58:22.045    Disk 0 Vendor: Hitachi_HTS723212L9A362 FCBOC30F Size: 114473MB BusType: 3
22:58:22.073    Disk 0 MBR read successfully
22:58:22.078    Disk 0 MBR scan
22:58:22.089    Disk 0 Windows VISTA default MBR code
22:58:22.102    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      114471 MB offset 2048
22:58:22.117    Disk 0 scanning sectors +234438656
22:58:22.204    Disk 0 scanning C:\Windows\system32\drivers
22:58:43.572    Service scanning
22:58:45.016    Modules scanning
22:58:51.824    Disk 0 trace - called modules:
22:58:51.862    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
22:58:51.867    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860d6350]
22:58:52.216    3 CLASSPNP.SYS[83bb28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859a8b98]
22:58:53.238    AVAST engine scan C:\Windows
22:59:00.459    AVAST engine scan C:\Windows\system32
23:02:58.254    AVAST engine scan C:\Windows\system32\drivers
23:03:15.406    AVAST engine scan C:\Users\LFZL
23:06:33.150    AVAST engine scan C:\ProgramData
23:07:33.865    Scan finished successfully
23:07:51.528    Disk 0 MBR has been saved successfully to "C:\Users\LFZL\Documents\MBR.dat"
23:07:51.534    The log file has been saved successfully to "C:\Users\LFZL\Documents\aswMBR.txt"


cosinus 13.02.2012 23:33

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Tanea 14.02.2012 10:03

here are the scans:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.13.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
LFZL :: LFZL-LAPTOP [Administrator]

Schutz: Aktiviert

14.02.2012 08:47:45
mbam-log-2012-02-14 (09-46-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 315957
Laufzeit: 58 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\02132012_133631\C_Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Zbot.CBCGen) -> Keine Aktion durchgeführt.

(Ende)

I didn't take any action here, since I figured that this is just OTL's quarantine folder, right?

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/14/2012 at 02:20 AM

Application Version : 5.0.1144

Core Rules Database Version : 8233
Trace Rules Database Version: 6045

Scan type      : Complete Scan
Total Scan Time : 01:26:27

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 809
Memory threats detected  : 0
Registry items scanned    : 34131
Registry threats detected : 0
File items scanned        : 196841
File threats detected    : 445

Adware.Tracking Cookie
        .media6degrees.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ads.saymedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ads.saymedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adserver.adtechus.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        openx.microsites.transcontinentalmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        network.realmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ar.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tacoda.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ads.gamersmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ads.gamersmedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .myroitracking.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .ar.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        scdn.uc.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\LFZL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NDZ5Z1HO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-SoftonicDownloader
        C:\USERS\LFZL\DOWNLOADS\SOFTONICDOWNLOADER_FUER_CDRTFE.EXE

With that, Softonic should now be gone too, right?

cosinus 14.02.2012 11:00

That's OK. The malware is isolated and safely stored in C:\Qoobox and C:\_OTL (the quarantine folders of CF and OTL).
The rest is just cookies, get rid of them. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Is your system OK again now, or are there any other findings or problems?

Tanea 14.02.2012 14:30

Hello,

OK, great.

The system seems to be fine and is running well again. I only noticed two things:

Yesterday the Wi-Fi at my home didn't work (and it did with my other laptop); supposedly the key was wrong, but I'm very sure that's not the case. Since it works now at the office, I would guess that it was down to the Wi-Fi at home after all.
Also, the mouse froze twice more yesterday (it's not the mouse, I tried a different one and the touchpad didn't work either). I then opened the Task Manager, and without me doing anything else there the mouse worked again each time.

Maybe none of that is so bad, since everything is working well today.

A thousand thanks to you in any case for your great help!!!:dankeschoen:

cosinus 14.02.2012 16:40

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages doing that.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

Tanea 14.02.2012 23:00

OK, I'll work through that, or rather I'm already on it. The guide is great!

Only the matter of the freezing mouse still remains. It did come back once more this afternoon after all..

Regards
tanea

cosinus 15.02.2012 12:14

Hm, keep an eye on whether that is still the case after all the updating.
Did you install any special drivers for the mouse? Probably not, right? :wtf:
If need be, see whether you also get it in safe mode, or with a live system such as PartedMagic or Knoppix

Tanea 16.02.2012 00:22

Quote:

Quote from cosinus (post 774042)
Hm, keep an eye on whether that is still the case after all the updating.

OK, I'll do that. If it still occurs then, I'll get in touch.

Quote:

Quote from cosinus (post 774042)
Did you install any special drivers for the mouse? Probably not, right? :wtf:

Nope, nothing that doesn't install itself when you plug the mouse in.

Many thanks to you once again in any case!

