Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Agent.VB.1624 und TR/Drop.Injector.filw

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.08.2012, 12:20   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.08.2012, 13:28   #17
oliver56
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Hallo Arne,

hier das Log vom TDSS Killer:
Code:
ATTFilter
14:21:36.0869 5940	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:21:36.0879 5940	============================================================
14:21:36.0879 5940	Current date / time: 2012/08/09 14:21:36.0879
14:21:36.0889 5940	SystemInfo:
14:21:36.0889 5940	
14:21:36.0889 5940	OS Version: 6.1.7601 ServicePack: 1.0
14:21:36.0889 5940	Product type: Workstation
14:21:36.0889 5940	ComputerName: ***-PC
14:21:36.0889 5940	UserName: ***
14:21:36.0889 5940	Windows directory: C:\Windows
14:21:36.0889 5940	System windows directory: C:\Windows
14:21:36.0889 5940	Running under WOW64
14:21:36.0889 5940	Processor architecture: Intel x64
14:21:36.0889 5940	Number of processors: 2
14:21:36.0889 5940	Page size: 0x1000
14:21:36.0889 5940	Boot type: Normal boot
14:21:36.0889 5940	============================================================
14:21:37.0409 5940	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:21:37.0409 5940	============================================================
14:21:37.0409 5940	\Device\Harddisk0\DR0:
14:21:37.0409 5940	MBR partitions:
14:21:37.0409 5940	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x13986
14:21:37.0409 5940	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
14:21:37.0409 5940	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
14:21:37.0409 5940	============================================================
14:21:37.0439 5940	C: <-> \Device\Harddisk0\DR0\Partition2
14:21:37.0439 5940	V: <-> \Device\Harddisk0\DR0\Partition0
14:21:37.0439 5940	============================================================
14:21:37.0439 5940	Initialize success
14:21:37.0439 5940	============================================================
14:22:18.0369 0888	============================================================
14:22:18.0369 0888	Scan started
14:22:18.0369 0888	Mode: Manual; SigCheck; TDLFS; 
14:22:18.0369 0888	============================================================
14:22:19.0659 0888	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:22:19.0769 0888	1394ohci - ok
14:22:19.0829 0888	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:22:19.0869 0888	ACPI - ok
14:22:19.0919 0888	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:22:19.0979 0888	AcpiPmi - ok
14:22:20.0169 0888	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:22:20.0189 0888	AdobeFlashPlayerUpdateSvc - ok
14:22:20.0279 0888	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:22:20.0329 0888	adp94xx - ok
14:22:20.0399 0888	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:22:20.0459 0888	adpahci - ok
14:22:20.0509 0888	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:22:20.0539 0888	adpu320 - ok
14:22:20.0569 0888	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:22:20.0699 0888	AeLookupSvc - ok
14:22:20.0829 0888	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe
14:22:20.0879 0888	AESTFilters - ok
14:22:20.0979 0888	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:22:21.0069 0888	AFD - ok
14:22:21.0129 0888	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:22:21.0159 0888	agp440 - ok
14:22:21.0779 0888	Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
14:22:21.0779 0888	Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
14:22:21.0789 0888	Akamai ( HiddenFile.Multi.Generic ) - warning
14:22:21.0789 0888	Akamai - detected HiddenFile.Multi.Generic (1)
14:22:21.0929 0888	aksdf           (44f360b65c37a42eb5b71c2e5179fdd5) C:\Windows\system32\drivers\aksdf.sys
14:22:21.0979 0888	aksdf - ok
14:22:22.0019 0888	aksfridge       (43415af4f20e9867974623840a22fe98) C:\Windows\system32\drivers\aksfridge.sys
14:22:22.0039 0888	aksfridge - ok
14:22:22.0059 0888	akshasp         (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
14:22:22.0099 0888	akshasp - ok
14:22:22.0129 0888	aksusb          (27f2e2c89a1855b063fcac21eb7d6a73) C:\Windows\system32\DRIVERS\aksusb.sys
14:22:22.0169 0888	aksusb - ok
14:22:22.0209 0888	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:22:22.0279 0888	ALG - ok
14:22:22.0329 0888	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:22:22.0359 0888	aliide - ok
14:22:22.0369 0888	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:22:22.0379 0888	amdide - ok
14:22:22.0409 0888	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:22:22.0439 0888	AmdK8 - ok
14:22:22.0459 0888	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:22:22.0489 0888	AmdPPM - ok
14:22:22.0499 0888	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:22:22.0519 0888	amdsata - ok
14:22:22.0549 0888	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:22:22.0569 0888	amdsbs - ok
14:22:22.0589 0888	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:22:22.0599 0888	amdxata - ok
14:22:22.0709 0888	AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:22:22.0729 0888	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
14:22:22.0729 0888	AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
14:22:22.0759 0888	AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:22:22.0799 0888	AntiVirService ( UnsignedFile.Multi.Generic ) - warning
14:22:22.0799 0888	AntiVirService - detected UnsignedFile.Multi.Generic (1)
14:22:22.0859 0888	ApfiltrService  (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:22:22.0899 0888	ApfiltrService - ok
14:22:22.0939 0888	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:22:23.0009 0888	AppID - ok
14:22:23.0039 0888	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:22:23.0069 0888	AppIDSvc - ok
14:22:23.0119 0888	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:22:23.0159 0888	Appinfo - ok
14:22:23.0289 0888	Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:22:23.0299 0888	Apple Mobile Device - ok
14:22:23.0359 0888	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:22:23.0429 0888	AppMgmt - ok
14:22:23.0469 0888	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:22:23.0489 0888	arc - ok
14:22:23.0509 0888	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:22:23.0529 0888	arcsas - ok
14:22:23.0649 0888	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:22:23.0669 0888	aspnet_state - ok
14:22:23.0699 0888	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:23.0759 0888	AsyncMac - ok
14:22:23.0799 0888	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:22:23.0819 0888	atapi - ok
14:22:23.0909 0888	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:22:23.0989 0888	AudioEndpointBuilder - ok
14:22:23.0999 0888	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:22:24.0039 0888	AudioSrv - ok
14:22:24.0059 0888	avgntflt        (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys
14:22:24.0079 0888	avgntflt - ok
14:22:24.0149 0888	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:22:24.0209 0888	AxInstSV - ok
14:22:24.0289 0888	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:22:24.0349 0888	b06bdrv - ok
14:22:24.0409 0888	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:22:24.0469 0888	b57nd60a - ok
14:22:24.0519 0888	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:22:24.0569 0888	BDESVC - ok
14:22:24.0589 0888	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:22:24.0659 0888	Beep - ok
14:22:24.0769 0888	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:22:24.0859 0888	BFE - ok
14:22:24.0949 0888	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:22:25.0039 0888	BITS - ok
14:22:25.0079 0888	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:22:25.0119 0888	blbdrive - ok
14:22:25.0149 0888	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:22:25.0189 0888	bowser - ok
14:22:25.0209 0888	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:22:25.0249 0888	BrFiltLo - ok
14:22:25.0259 0888	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:22:25.0279 0888	BrFiltUp - ok
14:22:25.0309 0888	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:22:25.0379 0888	Browser - ok
14:22:25.0409 0888	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:22:25.0459 0888	Brserid - ok
14:22:25.0529 0888	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:22:25.0569 0888	BrSerWdm - ok
14:22:25.0589 0888	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:22:25.0629 0888	BrUsbMdm - ok
14:22:25.0639 0888	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:22:25.0659 0888	BrUsbSer - ok
14:22:25.0709 0888	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:22:25.0769 0888	BthEnum - ok
14:22:25.0789 0888	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:22:25.0819 0888	BTHMODEM - ok
14:22:25.0849 0888	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:22:25.0899 0888	BthPan - ok
14:22:25.0979 0888	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:22:26.0059 0888	BTHPORT - ok
14:22:26.0099 0888	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:22:26.0159 0888	bthserv - ok
14:22:26.0179 0888	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:22:26.0219 0888	BTHUSB - ok
14:22:26.0239 0888	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:22:26.0309 0888	cdfs - ok
14:22:26.0339 0888	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:22:26.0349 0888	cdrom - ok
14:22:26.0389 0888	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:22:26.0459 0888	CertPropSvc - ok
14:22:26.0489 0888	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:22:26.0519 0888	circlass - ok
14:22:26.0569 0888	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:22:26.0599 0888	CLFS - ok
14:22:26.0709 0888	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:22:26.0729 0888	clr_optimization_v2.0.50727_32 - ok
14:22:26.0789 0888	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:22:26.0809 0888	clr_optimization_v2.0.50727_64 - ok
14:22:26.0889 0888	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:22:26.0929 0888	clr_optimization_v4.0.30319_32 - ok
14:22:26.0989 0888	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:22:27.0029 0888	clr_optimization_v4.0.30319_64 - ok
14:22:27.0049 0888	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:22:27.0079 0888	CmBatt - ok
14:22:27.0159 0888	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:22:27.0179 0888	cmdide - ok
14:22:27.0229 0888	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:22:27.0259 0888	CNG - ok
14:22:27.0289 0888	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:22:27.0299 0888	Compbatt - ok
14:22:27.0339 0888	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:22:27.0389 0888	CompositeBus - ok
14:22:27.0399 0888	COMSysApp - ok
14:22:27.0419 0888	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:22:27.0429 0888	crcdisk - ok
14:22:27.0479 0888	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:22:27.0529 0888	CryptSvc - ok
14:22:27.0619 0888	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:22:27.0709 0888	CSC - ok
14:22:27.0769 0888	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:22:27.0839 0888	CscService - ok
14:22:27.0939 0888	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
14:22:27.0969 0888	CVirtA - ok
14:22:28.0009 0888	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:22:28.0079 0888	DcomLaunch - ok
14:22:28.0119 0888	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:22:28.0199 0888	defragsvc - ok
14:22:28.0239 0888	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:22:28.0289 0888	DfsC - ok
14:22:28.0339 0888	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:22:28.0409 0888	Dhcp - ok
14:22:28.0439 0888	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:22:28.0469 0888	discache - ok
14:22:28.0509 0888	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:22:28.0519 0888	Disk - ok
14:22:28.0569 0888	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
14:22:28.0589 0888	DNE - ok
14:22:28.0659 0888	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:22:28.0709 0888	Dnscache - ok
14:22:28.0759 0888	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:22:28.0849 0888	dot3svc - ok
14:22:28.0889 0888	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:22:28.0939 0888	Dot4 - ok
14:22:28.0979 0888	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
14:22:29.0019 0888	Dot4Print - ok
14:22:29.0039 0888	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:22:29.0069 0888	dot4usb - ok
14:22:29.0109 0888	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:22:29.0169 0888	DPS - ok
14:22:29.0199 0888	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:22:29.0219 0888	drmkaud - ok
14:22:29.0329 0888	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:22:29.0369 0888	DXGKrnl - ok
14:22:29.0409 0888	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:22:29.0459 0888	EapHost - ok
14:22:29.0719 0888	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:22:29.0839 0888	ebdrv - ok
14:22:29.0959 0888	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:22:29.0999 0888	EFS - ok
14:22:30.0069 0888	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:22:30.0169 0888	ehRecvr - ok
14:22:30.0209 0888	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:22:30.0269 0888	ehSched - ok
14:22:30.0349 0888	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:22:30.0399 0888	elxstor - ok
14:22:30.0429 0888	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:22:30.0459 0888	ErrDev - ok
14:22:30.0529 0888	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:22:30.0609 0888	EventSystem - ok
14:22:30.0819 0888	EvtEng          (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:22:30.0889 0888	EvtEng - ok
14:22:31.0049 0888	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:22:31.0119 0888	exfat - ok
14:22:31.0209 0888	Fabs - ok
14:22:31.0239 0888	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:22:31.0319 0888	fastfat - ok
14:22:31.0429 0888	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:22:31.0509 0888	Fax - ok
14:22:31.0519 0888	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:22:31.0529 0888	fdc - ok
14:22:31.0549 0888	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:22:31.0599 0888	fdPHost - ok
14:22:31.0639 0888	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:22:31.0709 0888	FDResPub - ok
14:22:31.0739 0888	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:22:31.0749 0888	FileInfo - ok
14:22:31.0759 0888	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:22:31.0799 0888	Filetrace - ok
14:22:32.0089 0888	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:22:32.0199 0888	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:22:32.0199 0888	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:22:32.0329 0888	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:22:32.0369 0888	flpydisk - ok
14:22:32.0509 0888	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:22:32.0539 0888	FltMgr - ok
14:22:32.0707 0888	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:22:32.0787 0888	FontCache - ok
14:22:32.0867 0888	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:22:32.0887 0888	FontCache3.0.0.0 - ok
14:22:32.0937 0888	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:22:32.0957 0888	FsDepends - ok
14:22:32.0997 0888	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:22:33.0017 0888	Fs_Rec - ok
14:22:33.0087 0888	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:22:33.0127 0888	fvevol - ok
14:22:33.0147 0888	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:22:33.0157 0888	gagp30kx - ok
14:22:33.0207 0888	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:22:33.0217 0888	GEARAspiWDM - ok
14:22:33.0297 0888	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:22:33.0387 0888	gpsvc - ok
14:22:33.0447 0888	hardlock        (d619ba1712b83d14149850e758b835ad) C:\Windows\system32\drivers\hardlock.sys
14:22:33.0487 0888	hardlock - ok
14:22:33.0487 0888	hasplms - ok
14:22:33.0507 0888	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:22:33.0557 0888	hcw85cir - ok
14:22:33.0617 0888	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:22:33.0657 0888	HDAudBus - ok
14:22:33.0667 0888	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:22:33.0697 0888	HidBatt - ok
14:22:33.0717 0888	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:22:33.0737 0888	HidBth - ok
14:22:33.0777 0888	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:22:33.0817 0888	HidIr - ok
14:22:33.0847 0888	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:22:33.0917 0888	hidserv - ok
14:22:33.0947 0888	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:22:33.0967 0888	HidUsb - ok
14:22:33.0997 0888	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:22:34.0077 0888	hkmsvc - ok
14:22:34.0117 0888	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:22:34.0187 0888	HomeGroupListener - ok
14:22:34.0227 0888	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:22:34.0257 0888	HomeGroupProvider - ok
14:22:34.0427 0888	hpqcxs08        (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:22:34.0437 0888	hpqcxs08 - ok
14:22:34.0487 0888	hpqddsvc        (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:22:34.0507 0888	hpqddsvc - ok
14:22:34.0607 0888	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:22:34.0627 0888	HpSAMD - ok
14:22:34.0727 0888	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:22:34.0857 0888	HTTP - ok
14:22:34.0907 0888	hwdatacard      (8f9b0fc4ec3a8194bd4cbc5ed3e7abeb) C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:22:34.0947 0888	hwdatacard - ok
14:22:34.0977 0888	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:22:34.0997 0888	hwpolicy - ok
14:22:35.0037 0888	hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
14:22:35.0087 0888	hwusbdev - ok
14:22:35.0107 0888	hwusbfake - ok
14:22:35.0157 0888	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:22:35.0167 0888	i8042prt - ok
14:22:35.0227 0888	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
14:22:35.0247 0888	iaStor - ok
14:22:35.0287 0888	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:22:35.0337 0888	iaStorV - ok
14:22:35.0487 0888	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:22:35.0567 0888	idsvc - ok
14:22:36.0327 0888	igfx            (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:22:36.0707 0888	igfx - ok
14:22:36.0867 0888	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:22:36.0881 0888	iirsp - ok
14:22:36.0973 0888	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:22:37.0073 0888	IKEEXT - ok
14:22:37.0113 0888	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:22:37.0123 0888	intelide - ok
14:22:37.0143 0888	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:22:37.0173 0888	intelppm - ok
14:22:37.0213 0888	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:22:37.0263 0888	IPBusEnum - ok
14:22:37.0303 0888	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:37.0363 0888	IpFilterDriver - ok
14:22:37.0403 0888	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:22:37.0493 0888	iphlpsvc - ok
14:22:37.0513 0888	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:22:37.0533 0888	IPMIDRV - ok
14:22:37.0553 0888	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:22:37.0613 0888	IPNAT - ok
14:22:37.0773 0888	iPod Service    (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
14:22:37.0813 0888	iPod Service - ok
14:22:37.0833 0888	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:22:37.0863 0888	IRENUM - ok
14:22:37.0873 0888	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:22:37.0893 0888	isapnp - ok
14:22:37.0923 0888	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:22:37.0963 0888	iScsiPrt - ok
14:22:37.0983 0888	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:22:37.0993 0888	kbdclass - ok
14:22:38.0023 0888	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:22:38.0053 0888	kbdhid - ok
14:22:38.0083 0888	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:38.0103 0888	KeyIso - ok
14:22:38.0143 0888	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:22:38.0173 0888	KSecDD - ok
14:22:38.0183 0888	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:22:38.0203 0888	KSecPkg - ok
14:22:38.0213 0888	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:22:38.0273 0888	ksthunk - ok
14:22:38.0383 0888	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:22:38.0443 0888	KtmRm - ok
14:22:38.0483 0888	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:22:38.0563 0888	LanmanServer - ok
14:22:38.0593 0888	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:22:38.0663 0888	LanmanWorkstation - ok
14:22:38.0703 0888	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:22:38.0753 0888	lltdio - ok
14:22:38.0793 0888	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:22:38.0873 0888	lltdsvc - ok
14:22:38.0893 0888	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:22:38.0933 0888	lmhosts - ok
14:22:38.0973 0888	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:22:38.0993 0888	LSI_FC - ok
14:22:39.0013 0888	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:22:39.0033 0888	LSI_SAS - ok
14:22:39.0053 0888	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:22:39.0063 0888	LSI_SAS2 - ok
14:22:39.0083 0888	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:22:39.0103 0888	LSI_SCSI - ok
14:22:39.0133 0888	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:22:39.0203 0888	luafv - ok
14:22:39.0343 0888	M4-Service      (f1d72877fa97d617be70aefb3a30cd91) C:\Users\Oliver Grober\Downloads\M4-Service.exe
14:22:39.0363 0888	M4-Service - ok
14:22:39.0403 0888	massfilter      (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
14:22:39.0443 0888	massfilter - ok
14:22:39.0483 0888	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:22:39.0533 0888	Mcx2Svc - ok
14:22:39.0553 0888	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:22:39.0563 0888	megasas - ok
14:22:39.0603 0888	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:22:39.0643 0888	MegaSR - ok
14:22:39.0753 0888	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:22:39.0773 0888	Microsoft Office Groove Audit Service - ok
14:22:39.0803 0888	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:22:39.0843 0888	MMCSS - ok
14:22:39.0853 0888	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:22:39.0923 0888	Modem - ok
14:22:39.0933 0888	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:22:39.0963 0888	monitor - ok
14:22:40.0013 0888	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:22:40.0043 0888	mouclass - ok
14:22:40.0063 0888	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:22:40.0083 0888	mouhid - ok
14:22:40.0123 0888	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:22:40.0143 0888	mountmgr - ok
14:22:40.0233 0888	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:22:40.0263 0888	MozillaMaintenance - ok
14:22:40.0303 0888	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:22:40.0313 0888	mpio - ok
14:22:40.0333 0888	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:22:40.0373 0888	mpsdrv - ok
14:22:40.0443 0888	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:22:40.0533 0888	MpsSvc - ok
14:22:40.0583 0888	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:22:40.0643 0888	MRxDAV - ok
14:22:40.0673 0888	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:40.0743 0888	mrxsmb - ok
14:22:40.0793 0888	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:40.0843 0888	mrxsmb10 - ok
14:22:40.0863 0888	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:40.0883 0888	mrxsmb20 - ok
14:22:40.0923 0888	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:22:40.0933 0888	msahci - ok
14:22:40.0953 0888	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:22:40.0963 0888	msdsm - ok
14:22:40.0993 0888	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:22:41.0023 0888	MSDTC - ok
14:22:41.0053 0888	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:22:41.0093 0888	Msfs - ok
14:22:41.0103 0888	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:22:41.0153 0888	mshidkmdf - ok
14:22:41.0173 0888	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:22:41.0183 0888	msisadrv - ok
14:22:41.0223 0888	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:22:41.0283 0888	MSiSCSI - ok
14:22:41.0283 0888	msiserver - ok
14:22:41.0313 0888	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:22:41.0363 0888	MSKSSRV - ok
14:22:41.0373 0888	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:41.0433 0888	MSPCLOCK - ok
14:22:41.0443 0888	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:22:41.0503 0888	MSPQM - ok
14:22:41.0543 0888	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:22:41.0583 0888	MsRPC - ok
14:22:41.0603 0888	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:22:41.0613 0888	mssmbios - ok
14:22:41.0633 0888	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:22:41.0693 0888	MSTEE - ok
14:22:41.0713 0888	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:22:41.0733 0888	MTConfig - ok
14:22:41.0743 0888	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:22:41.0753 0888	Mup - ok
14:22:41.0843 0888	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:22:41.0933 0888	napagent - ok
14:22:41.0983 0888	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:22:42.0043 0888	NativeWifiP - ok
14:22:42.0143 0888	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:22:42.0193 0888	NDIS - ok
14:22:42.0203 0888	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:22:42.0243 0888	NdisCap - ok
14:22:42.0273 0888	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:42.0323 0888	NdisTapi - ok
14:22:42.0353 0888	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:42.0413 0888	Ndisuio - ok
14:22:42.0443 0888	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:42.0503 0888	NdisWan - ok
14:22:42.0533 0888	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:22:42.0603 0888	NDProxy - ok
14:22:42.0703 0888	Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
14:22:42.0713 0888	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:22:42.0713 0888	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:22:42.0753 0888	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:22:42.0823 0888	NetBIOS - ok
14:22:42.0863 0888	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:22:42.0923 0888	NetBT - ok
14:22:42.0963 0888	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:42.0973 0888	Netlogon - ok
14:22:43.0043 0888	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:22:43.0123 0888	Netman - ok
14:22:43.0263 0888	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:43.0293 0888	NetMsmqActivator - ok
14:22:43.0293 0888	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:43.0303 0888	NetPipeActivator - ok
14:22:43.0343 0888	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:22:43.0433 0888	netprofm - ok
14:22:43.0433 0888	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:43.0443 0888	NetTcpActivator - ok
14:22:43.0453 0888	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:43.0463 0888	NetTcpPortSharing - ok
14:22:44.0173 0888	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
14:22:44.0398 0888	NETw5s64 - ok
14:22:44.0971 0888	NETw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
14:22:45.0161 0888	NETw5v64 ( UnsignedFile.Multi.Generic ) - warning
14:22:45.0161 0888	NETw5v64 - detected UnsignedFile.Multi.Generic (1)
14:22:45.0271 0888	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:22:45.0301 0888	nfrd960 - ok
14:22:45.0361 0888	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:22:45.0421 0888	NlaSvc - ok
14:22:45.0441 0888	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:22:45.0471 0888	Npfs - ok
14:22:45.0501 0888	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:22:45.0551 0888	nsi - ok
14:22:45.0561 0888	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:22:45.0621 0888	nsiproxy - ok
14:22:45.0801 0888	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:22:45.0871 0888	Ntfs - ok
14:22:45.0951 0888	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:22:46.0021 0888	Null - ok
14:22:46.0051 0888	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:22:46.0071 0888	nvraid - ok
14:22:46.0111 0888	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:22:46.0151 0888	nvstor - ok
14:22:46.0181 0888	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:22:46.0191 0888	nv_agp - ok
14:22:46.0241 0888	O2FLASH         (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
14:22:46.0281 0888	O2FLASH - ok
14:22:46.0301 0888	O2MDGRDR        (1b2e099223f16aab166e9602f7a5ecd4) C:\Windows\system32\DRIVERS\o2mdgx64.sys
14:22:46.0311 0888	O2MDGRDR - ok
14:22:46.0331 0888	O2SDGRDR        (4c9c52d9f4ea5579ff70123004b9fd06) C:\Windows\system32\DRIVERS\o2sdgx64.sys
14:22:46.0341 0888	O2SDGRDR - ok
14:22:46.0471 0888	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:22:46.0501 0888	odserv - ok
14:22:46.0551 0888	OEM13Vfx        (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
14:22:46.0581 0888	OEM13Vfx - ok
14:22:46.0631 0888	OEM13Vid        (10da4a1271f9790bcad5150f5d861655) C:\Windows\system32\DRIVERS\OEM13Vid.sys
14:22:46.0681 0888	OEM13Vid - ok
14:22:46.0721 0888	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:22:46.0761 0888	ohci1394 - ok
14:22:46.0811 0888	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:22:46.0831 0888	ose - ok
14:22:46.0881 0888	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:22:46.0951 0888	p2pimsvc - ok
14:22:46.0991 0888	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:22:47.0031 0888	p2psvc - ok
14:22:47.0061 0888	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:22:47.0091 0888	Parport - ok
14:22:47.0121 0888	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:22:47.0141 0888	partmgr - ok
14:22:47.0171 0888	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:22:47.0201 0888	PcaSvc - ok
14:22:47.0241 0888	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:22:47.0281 0888	pci - ok
14:22:47.0291 0888	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:22:47.0311 0888	pciide - ok
14:22:47.0341 0888	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:22:47.0371 0888	pcmcia - ok
14:22:47.0391 0888	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:22:47.0401 0888	pcw - ok
14:22:47.0451 0888	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:22:47.0521 0888	PEAUTH - ok
14:22:47.0631 0888	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:22:47.0721 0888	PeerDistSvc - ok
14:22:47.0811 0888	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:22:47.0851 0888	PerfHost - ok
14:22:48.0091 0888	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:22:48.0201 0888	pla - ok
14:22:48.0271 0888	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:22:48.0331 0888	PlugPlay - ok
14:22:48.0391 0888	Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
14:22:48.0411 0888	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:22:48.0411 0888	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:22:48.0441 0888	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:22:48.0461 0888	PNRPAutoReg - ok
14:22:48.0491 0888	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:22:48.0501 0888	PNRPsvc - ok
14:22:48.0541 0888	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:22:48.0601 0888	PolicyAgent - ok
14:22:48.0641 0888	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:22:48.0721 0888	Power - ok
14:22:48.0791 0888	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:22:48.0871 0888	PptpMiniport - ok
14:22:48.0901 0888	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:22:48.0941 0888	Processor - ok
14:22:49.0011 0888	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:22:49.0081 0888	ProfSvc - ok
14:22:49.0111 0888	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:49.0121 0888	ProtectedStorage - ok
14:22:49.0181 0888	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:22:49.0231 0888	Psched - ok
14:22:49.0281 0888	qcusbser        (559ae75cc39b3240ed860c405bdff6b2) C:\Windows\system32\DRIVERS\qcusbser.sys
14:22:49.0311 0888	qcusbser - ok
14:22:49.0451 0888	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:22:49.0511 0888	ql2300 - ok
14:22:49.0641 0888	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:22:49.0671 0888	ql40xx - ok
14:22:49.0711 0888	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:22:49.0761 0888	QWAVE - ok
14:22:49.0771 0888	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:22:49.0781 0888	QWAVEdrv - ok
14:22:49.0801 0888	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:22:49.0851 0888	RasAcd - ok
14:22:49.0891 0888	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:22:49.0921 0888	RasAgileVpn - ok
14:22:49.0941 0888	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:22:49.0981 0888	RasAuto - ok
14:22:50.0021 0888	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:50.0091 0888	Rasl2tp - ok
14:22:50.0131 0888	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:22:50.0191 0888	RasMan - ok
14:22:50.0211 0888	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:50.0281 0888	RasPppoe - ok
14:22:50.0311 0888	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:22:50.0371 0888	RasSstp - ok
14:22:50.0401 0888	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:22:50.0491 0888	rdbss - ok
14:22:50.0511 0888	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:22:50.0521 0888	rdpbus - ok
14:22:50.0541 0888	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:50.0581 0888	RDPCDD - ok
14:22:50.0621 0888	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:22:50.0661 0888	RDPDR - ok
14:22:50.0671 0888	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:22:50.0721 0888	RDPENCDD - ok
14:22:50.0741 0888	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:22:50.0771 0888	RDPREFMP - ok
14:22:50.0831 0888	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:22:50.0901 0888	RDPWD - ok
14:22:50.0961 0888	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:22:51.0001 0888	rdyboost - ok
14:22:51.0141 0888	RegSrvc         (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:22:51.0191 0888	RegSrvc - ok
14:22:51.0211 0888	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:22:51.0291 0888	RemoteAccess - ok
14:22:51.0321 0888	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:22:51.0391 0888	RemoteRegistry - ok
14:22:51.0461 0888	RetroExpLauncher (2f2cdc75e2d00d47a59051e6b86d9cd3) C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
14:22:51.0471 0888	RetroExpLauncher - ok
14:22:51.0551 0888	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:22:51.0601 0888	RFCOMM - ok
14:22:51.0631 0888	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:22:51.0691 0888	RpcEptMapper - ok
14:22:51.0721 0888	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:22:51.0741 0888	RpcLocator - ok
14:22:51.0811 0888	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:22:51.0851 0888	RpcSs - ok
14:22:51.0891 0888	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:22:51.0951 0888	rspndr - ok
14:22:52.0001 0888	RTL8167         (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:22:52.0061 0888	RTL8167 - ok
14:22:52.0091 0888	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:22:52.0111 0888	s3cap - ok
14:22:52.0141 0888	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:22:52.0161 0888	SamSs - ok
14:22:52.0241 0888	Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\Windows\System32\SUPDSvc.exe
14:22:52.0261 0888	Samsung UPD Service - ok
14:22:52.0291 0888	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:22:52.0301 0888	sbp2port - ok
14:22:52.0341 0888	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:22:52.0411 0888	SCardSvr - ok
14:22:52.0441 0888	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:22:52.0501 0888	scfilter - ok
14:22:52.0621 0888	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:22:52.0701 0888	Schedule - ok
14:22:52.0741 0888	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:22:52.0771 0888	SCPolicySvc - ok
14:22:52.0811 0888	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:22:52.0851 0888	SDRSVC - ok
14:22:52.0901 0888	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:22:52.0981 0888	secdrv - ok
14:22:53.0011 0888	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:22:53.0071 0888	seclogon - ok
14:22:53.0101 0888	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:22:53.0161 0888	SENS - ok
14:22:53.0181 0888	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:22:53.0211 0888	SensrSvc - ok
14:22:53.0221 0888	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:22:53.0231 0888	Serenum - ok
14:22:53.0251 0888	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:22:53.0271 0888	Serial - ok
14:22:53.0311 0888	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:22:53.0331 0888	sermouse - ok
14:22:53.0371 0888	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:22:53.0431 0888	SessionEnv - ok
14:22:53.0461 0888	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:22:53.0501 0888	sffdisk - ok
14:22:53.0511 0888	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:22:53.0551 0888	sffp_mmc - ok
14:22:53.0571 0888	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:22:53.0591 0888	sffp_sd - ok
14:22:53.0611 0888	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:22:53.0621 0888	sfloppy - ok
14:22:53.0681 0888	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:22:53.0761 0888	SharedAccess - ok
14:22:53.0821 0888	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:22:53.0871 0888	ShellHWDetection - ok
14:22:53.0891 0888	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:22:53.0911 0888	SiSRaid2 - ok
14:22:53.0931 0888	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:22:53.0941 0888	SiSRaid4 - ok
14:22:53.0971 0888	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:22:54.0001 0888	Smb - ok
14:22:54.0041 0888	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:22:54.0061 0888	SNMPTRAP - ok
14:22:54.0081 0888	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:22:54.0101 0888	spldr - ok
14:22:54.0141 0888	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:22:54.0211 0888	Spooler - ok
14:22:54.0561 0888	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:22:54.0741 0888	sppsvc - ok
14:22:54.0861 0888	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:22:54.0931 0888	sppuinotify - ok
14:22:55.0021 0888	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:22:55.0091 0888	srv - ok
14:22:55.0151 0888	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:22:55.0201 0888	srv2 - ok
14:22:55.0231 0888	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:22:55.0261 0888	srvnet - ok
14:22:55.0301 0888	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:22:55.0351 0888	SSDPSRV - ok
14:22:55.0371 0888	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:22:55.0411 0888	SstpSvc - ok
14:22:55.0551 0888	STacSV          (c24310d67140e18526396fb3bbaa91c6) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\STacSV64.exe
14:22:55.0591 0888	STacSV - ok
14:22:55.0611 0888	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:22:55.0631 0888	stexstor - ok
14:22:55.0681 0888	STHDA           (c79f5cbc47b19a068d8936df8332e3e6) C:\Windows\system32\DRIVERS\stwrt64.sys
14:22:55.0721 0888	STHDA - ok
14:22:55.0801 0888	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:22:55.0851 0888	stisvc - ok
14:22:55.0891 0888	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:22:55.0901 0888	storflt - ok
14:22:55.0921 0888	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:22:55.0961 0888	StorSvc - ok
14:22:55.0981 0888	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:22:56.0001 0888	storvsc - ok
14:22:56.0011 0888	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:22:56.0021 0888	swenum - ok
14:22:56.0091 0888	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:22:56.0161 0888	swprv - ok
14:22:56.0351 0888	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:22:56.0451 0888	SysMain - ok
14:22:56.0591 0888	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:22:56.0611 0888	TabletInputService - ok
14:22:56.0641 0888	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:22:56.0721 0888	TapiSrv - ok
14:22:56.0751 0888	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:22:56.0791 0888	TBS - ok
14:22:57.0011 0888	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:22:57.0091 0888	Tcpip - ok
14:22:57.0271 0888	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:22:57.0311 0888	TCPIP6 - ok
14:22:57.0391 0888	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:22:57.0441 0888	tcpipreg - ok
14:22:57.0481 0888	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:22:57.0501 0888	TDPIPE - ok
14:22:57.0531 0888	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:22:57.0571 0888	TDTCP - ok
14:22:57.0621 0888	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:22:57.0681 0888	tdx - ok
14:22:57.0711 0888	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:22:57.0721 0888	TermDD - ok
14:22:57.0761 0888	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:22:57.0861 0888	TermService - ok
14:22:57.0891 0888	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:22:57.0921 0888	Themes - ok
14:22:57.0951 0888	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:22:57.0981 0888	THREADORDER - ok
14:22:58.0001 0888	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:22:58.0061 0888	TrkWks - ok
14:22:58.0131 0888	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:22:58.0181 0888	TrustedInstaller - ok
14:22:58.0211 0888	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:58.0281 0888	tssecsrv - ok
14:22:58.0351 0888	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:22:58.0381 0888	TsUsbFlt - ok
14:22:58.0441 0888	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:22:58.0501 0888	tunnel - ok
14:22:58.0541 0888	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:22:58.0551 0888	uagp35 - ok
14:22:58.0611 0888	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:22:58.0671 0888	udfs - ok
14:22:58.0761 0888	UI Assistant Service (ec23505f255d0da9230a3237ef5839ad) C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
14:22:58.0771 0888	UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
14:22:58.0771 0888	UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
14:22:58.0801 0888	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:22:58.0831 0888	UI0Detect - ok
14:22:58.0871 0888	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:22:58.0891 0888	uliagpkx - ok
14:22:58.0921 0888	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:22:58.0941 0888	umbus - ok
14:22:58.0951 0888	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:22:58.0971 0888	UmPass - ok
14:22:59.0021 0888	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:22:59.0051 0888	UmRdpService - ok
14:22:59.0081 0888	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:22:59.0161 0888	upnphost - ok
14:22:59.0221 0888	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:22:59.0261 0888	usbaudio - ok
14:22:59.0281 0888	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:59.0311 0888	usbccgp - ok
14:22:59.0361 0888	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:22:59.0391 0888	usbcir - ok
14:22:59.0411 0888	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:22:59.0431 0888	usbehci - ok
14:22:59.0461 0888	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:22:59.0521 0888	usbhub - ok
14:22:59.0551 0888	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:22:59.0581 0888	usbohci - ok
14:22:59.0621 0888	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:22:59.0661 0888	usbprint - ok
14:22:59.0691 0888	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:22:59.0721 0888	usbscan - ok
14:22:59.0781 0888	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:59.0831 0888	USBSTOR - ok
14:22:59.0861 0888	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:22:59.0891 0888	usbuhci - ok
14:22:59.0941 0888	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:22:59.0981 0888	usbvideo - ok
14:23:00.0011 0888	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:23:00.0061 0888	UxSms - ok
14:23:00.0081 0888	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:23:00.0091 0888	VaultSvc - ok
14:23:00.0111 0888	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:23:00.0121 0888	vdrvroot - ok
14:23:00.0201 0888	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:23:00.0261 0888	vds - ok
14:23:00.0291 0888	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:23:00.0311 0888	vga - ok
14:23:00.0321 0888	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:23:00.0381 0888	VgaSave - ok
14:23:00.0411 0888	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:23:00.0431 0888	vhdmp - ok
14:23:00.0461 0888	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:23:00.0491 0888	viaide - ok
14:23:00.0521 0888	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:23:00.0551 0888	vmbus - ok
14:23:00.0571 0888	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:23:00.0591 0888	VMBusHID - ok
14:23:00.0621 0888	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:23:00.0631 0888	volmgr - ok
14:23:00.0681 0888	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:23:00.0701 0888	volmgrx - ok
14:23:00.0731 0888	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:23:00.0771 0888	volsnap - ok
14:23:00.0781 0888	vpnva - ok
14:23:00.0801 0888	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:23:00.0821 0888	vsmraid - ok
14:23:00.0981 0888	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:23:01.0081 0888	VSS - ok
14:23:01.0211 0888	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:23:01.0251 0888	vwifibus - ok
14:23:01.0271 0888	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:23:01.0321 0888	vwififlt - ok
14:23:01.0341 0888	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:23:01.0371 0888	vwifimp - ok
14:23:01.0411 0888	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:23:01.0471 0888	W32Time - ok
14:23:01.0491 0888	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:23:01.0511 0888	WacomPen - ok
14:23:01.0561 0888	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:23:01.0621 0888	WANARP - ok
14:23:01.0641 0888	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:23:01.0671 0888	Wanarpv6 - ok
14:23:01.0821 0888	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:23:01.0891 0888	WatAdminSvc - ok
14:23:02.0051 0888	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:23:02.0121 0888	wbengine - ok
14:23:02.0251 0888	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:23:02.0291 0888	WbioSrvc - ok
14:23:02.0361 0888	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:23:02.0411 0888	wcncsvc - ok
14:23:02.0431 0888	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:23:02.0461 0888	WcsPlugInService - ok
14:23:02.0491 0888	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:23:02.0511 0888	Wd - ok
14:23:02.0561 0888	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:23:02.0621 0888	Wdf01000 - ok
14:23:02.0631 0888	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:23:02.0741 0888	WdiServiceHost - ok
14:23:02.0741 0888	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:23:02.0761 0888	WdiSystemHost - ok
14:23:02.0811 0888	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:23:02.0861 0888	WebClient - ok
14:23:02.0891 0888	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:23:02.0971 0888	Wecsvc - ok
14:23:02.0991 0888	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:23:03.0051 0888	wercplsupport - ok
14:23:03.0071 0888	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:23:03.0141 0888	WerSvc - ok
14:23:03.0201 0888	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:23:03.0241 0888	WfpLwf - ok
14:23:03.0261 0888	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:23:03.0271 0888	WIMMount - ok
14:23:03.0301 0888	WinDefend - ok
14:23:03.0311 0888	WinHttpAutoProxySvc - ok
14:23:03.0371 0888	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:23:03.0431 0888	Winmgmt - ok
14:23:03.0651 0888	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:23:03.0741 0888	WinRM - ok
14:23:03.0921 0888	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:23:03.0981 0888	Wlansvc - ok
14:23:04.0251 0888	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:23:04.0331 0888	wlidsvc - ok
14:23:04.0441 0888	WMCoreService   (b8f37c769f466ebfda2fb848516ea804) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
14:23:04.0451 0888	WMCoreService ( UnsignedFile.Multi.Generic ) - warning
14:23:04.0451 0888	WMCoreService - detected UnsignedFile.Multi.Generic (1)
14:23:04.0561 0888	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:23:04.0601 0888	WmiAcpi - ok
14:23:04.0671 0888	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:23:04.0721 0888	wmiApSrv - ok
14:23:04.0751 0888	WMPNetworkSvc - ok
14:23:04.0771 0888	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:23:04.0811 0888	WPCSvc - ok
14:23:04.0851 0888	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:23:04.0871 0888	WPDBusEnum - ok
14:23:04.0901 0888	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:23:04.0951 0888	ws2ifsl - ok
14:23:04.0971 0888	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:23:05.0001 0888	wscsvc - ok
14:23:05.0001 0888	WSearch - ok
14:23:05.0031 0888	WTGService - ok
14:23:05.0291 0888	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:23:05.0391 0888	wuauserv - ok
14:23:05.0551 0888	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:23:05.0631 0888	WudfPf - ok
14:23:05.0671 0888	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:23:05.0731 0888	WUDFRd - ok
14:23:05.0761 0888	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:23:05.0791 0888	wudfsvc - ok
14:23:05.0831 0888	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:23:05.0891 0888	WwanSvc - ok
14:23:05.0941 0888	ZTEusbmdm6k     (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
14:23:05.0991 0888	ZTEusbmdm6k - ok
14:23:06.0011 0888	ZTEusbnmea      (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
14:23:06.0031 0888	ZTEusbnmea - ok
14:23:06.0051 0888	ZTEusbser6k     (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
14:23:06.0061 0888	ZTEusbser6k - ok
14:23:06.0121 0888	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:23:06.0651 0888	\Device\Harddisk0\DR0 - ok
14:23:06.0661 0888	Boot (0x1200)   (1eebb9bec2bb6b030068e0b0dcf56008) \Device\Harddisk0\DR0\Partition0
14:23:06.0661 0888	\Device\Harddisk0\DR0\Partition0 - ok
14:23:06.0671 0888	Boot (0x1200)   (2772750ffa27b1d60edaec0b1032891e) \Device\Harddisk0\DR0\Partition1
14:23:06.0671 0888	\Device\Harddisk0\DR0\Partition1 - ok
14:23:06.0701 0888	Boot (0x1200)   (7fb0223393fb5427ad02fee12f1eef54) \Device\Harddisk0\DR0\Partition2
14:23:06.0701 0888	\Device\Harddisk0\DR0\Partition2 - ok
14:23:06.0701 0888	============================================================
14:23:06.0701 0888	Scan finished
14:23:06.0701 0888	============================================================
14:23:06.0721 5992	Detected object count: 9
14:23:06.0721 5992	Actual detected object count: 9
14:23:51.0511 5992	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:23:51.0511 5992	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
14:23:51.0521 5992	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0521 5992	AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0521 5992	AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0521 5992	AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0521 5992	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0521 5992	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0521 5992	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0521 5992	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0531 5992	NETw5v64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0531 5992	NETw5v64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0531 5992	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0531 5992	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0531 5992	UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0531 5992	UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:23:51.0531 5992	WMCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:51.0531 5992	WMCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Nochmals vielen Dank und Gruß

Oliver
__________________


Alt 10.08.2012, 12:37   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
__________________

Alt 13.08.2012, 08:13   #19
oliver56
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Hallo Arne,

hier das Log von ComboFix. Nach Updates wurde nicht gefragt und es sind auch noch keine Fehlermeldungen aufgetreten.

Code:
ATTFilter
ComboFix 12-08-10.02 - *** 13.08.2012   8:43.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4057.2551 [GMT 2:00]
ausgeführt von:: c:\desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-13 bis 2012-08-13  ))))))))))))))))))))))))))))))
.
.
2012-08-13 06:52 . 2012-08-13 06:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-13 06:52 . 2012-08-13 06:52	--------	d-----w-	c:\users\***-Team\AppData\Local\temp
2012-08-13 06:50 . 2012-08-13 06:50	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB7A1064-21C0-4183-9AA0-C6B41FC887A0}\offreg.dll
2012-08-10 08:47 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB7A1064-21C0-4183-9AA0-C6B41FC887A0}\mpengine.dll
2012-08-08 13:19 . 2012-08-08 13:19	--------	d-----w-	C:\_OTL
2012-07-31 09:41 . 2012-07-31 09:41	--------	d-----w-	c:\program files (x86)\ESET
2012-07-31 08:13 . 2012-07-31 08:13	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-31 08:13 . 2012-07-31 08:13	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-31 08:13 . 2012-07-31 08:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-31 08:13 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-26 01:10 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 13:49 . 2011-04-13 15:27	89680	----a-w-	c:\users\***\MSSSerif120.fon
2012-08-04 13:23 . 2012-07-04 14:30	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 13:23 . 2011-06-19 12:49	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 01:05 . 2010-03-03 18:43	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-12 07:51	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-12 07:51	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 07:51	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 07:51	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 07:51	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 07:51	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 07:51	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 11:50	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 11:51	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 11:51	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 11:51	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 11:50	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 11:51	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 11:50	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 11:50	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 11:50	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-12 07:51	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 07:51	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-12 07:51	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-12 07:51	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 07:51	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 07:51	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 07:51	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 07:51	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 07:51	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-03-03 10:38	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UIExec"="c:\program files (x86)\Mobile Partner Manager\UIExec.exe" [2009-12-02 132096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-02-16 253952]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Iomega StorCenter.lnk - c:\program files (x86)\Iomega StorCenter\sohoclient.exe [2011-4-13 1877328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 M4-Service;M4-Service;c:\users\***\Downloads\M4-Service.exe [2012-02-07 1007472]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Mobile Partner Manager\AssistantServices.exe [2009-12-02 246272]
R2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
R2 WTGService;WTGService;c:\program files (x86)\WINDHellasConnectionManager\WTGService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-07 113120]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-27 118016]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-17 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe [2009-03-03 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-17 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 13:23]
.
2011-10-26 c:\windows\Tasks\WebReg HP Photosmart B010 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-17 22:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 309248]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hiergehtslos.de
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0hq496zl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WinHex - f:\winhex\WinHex.exe
AddRemove-WinSetupFromUSB - c:\winsetupfromusb\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-13  09:08:24
ComboFix-quarantined-files.txt  2012-08-13 07:08
.
Vor Suchlauf: 18 Verzeichnis(se), 233.109.172.224 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 233.022.214.144 Bytes frei
.
- - End Of File - - 73239E27D9C924DE98C72B7FF659B646
         
Danke und Gruß

Oliver

Alt 13.08.2012, 17:34   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.08.2012, 09:00   #21
oliver56
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Hallo Arne,

hier das Log von GMER:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 09:18:40
Windows 6.1.7601 Service Pack 1 
Running: wpul1l2u.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c417feffd184                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c417feffd184@0025d0c70088         0x92 0xBA 0xB3 0xA7 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c417feffd184@20d607b9b083         0x85 0xAF 0x50 0xDF ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c417feffd184@f8db7fc58e5a         0x52 0x3A 0xEF 0x64 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c417feffd184 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c417feffd184@0025d0c70088             0x92 0xBA 0xB3 0xA7 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c417feffd184@20d607b9b083             0x85 0xAF 0x50 0xDF ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c417feffd184@f8db7fc58e5a             0x52 0x3A 0xEF 0x64 ...

---- EOF - GMER 1.0.15 ----
         
hier das Log von OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:34:31 on 14.08.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"WebReg HP Photosmart B010 series.job" - "Hewlett-Packard Company" - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva64.sys  (File not found)
"Huawei DataCard USB Fake" (hwusbfake) - ? - C:\Windows\System32\DRIVERS\ewusbfake.sys  (File not found)
"Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit" (NETw5v64) - "Intel Corporation" - C:\Windows\System32\DRIVERS\NETw5v64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0107B611-5FC7-11D5-B092-00C026283F7F} "büro+ SendenAn Erweiterung" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\OLKFSTUB.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Iomega StorCenter.lnk" - "EMC" - C:\Program Files (x86)\Iomega StorCenter\sohoclient.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc" - "C:\Users\***\AppData\Local\Akamai\netsession_win.exe"
"HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"UIExec" - ? - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CUSTPDF Writer Monitor x86" - ? - C:\Windows\system32\custmon64.dll  (File found, but it contains no detailed information)
"spd__ Langmon" - ? - C:\Windows\system32\spd__l.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc" - c:\program files (x86)\common files\akamai\netsession_win_4f7fccd.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"M4-Service" (M4-Service) - ? - C:\Users\***\Downloads\M4-Service.exe  (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Mobile Broadband Core Service" (WMCoreService) - ? - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe  (File found, but it contains no detailed information)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Retrospect Express HD Launcher" (RetroExpLauncher) - "EMC Corporation" - C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
"Samsung UPD Service" (Samsung UPD Service) - "Samsung Electronics CO., LTD." - C:\Windows\System32\SUPDSvc.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe  (File found, but it contains no detailed information)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WTGService" (WTGService) - ? - C:\Program Files (x86)\WINDHellasConnectionManager\WTGService.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
und hier das Log von aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 09:36:35
-----------------------------
09:36:35.006    OS Version: Windows x64 6.1.7601 Service Pack 1
09:36:35.006    Number of processors: 2 586 0x170A
09:36:35.021    ComputerName: ***-PC  UserName: ***
09:36:35.911    Initialize success
09:37:40.891    AVAST engine defs: 12081400
09:37:56.304    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:37:56.304    Disk 0 Vendor: ST932042 0004 Size: 305245MB BusType: 3
09:37:56.319    Disk 0 MBR read successfully
09:37:56.319    Disk 0 MBR scan
09:37:56.351    Disk 0 Windows 7 default MBR code
09:37:56.351    Disk 0 Partition 1 00     0C    FAT32 LBA                39 MB offset 63
09:37:56.366    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
09:37:56.397    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
09:37:56.429    Disk 0 scanning C:\Windows\system32\drivers
09:38:11.982    Service scanning
09:38:39.391    Modules scanning
09:38:39.391    Disk 0 trace - called modules:
09:38:39.438    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:38:39.438    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005794060]
09:38:39.438    3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047af050]
09:38:42.230    AVAST engine scan C:\Windows
09:38:48.502    AVAST engine scan C:\Windows\system32
09:44:04.386    AVAST engine scan C:\Windows\system32\drivers
09:44:21.718    AVAST engine scan C:\Users\***
09:48:48.416    AVAST engine scan C:\ProgramData
09:50:14.840    Scan finished successfully
09:54:17.826    Disk 0 MBR has been saved successfully to "C:\Desktop\MBR.dat"
09:54:17.826    The log file has been saved successfully to "C:\Desktop\aswMBR.txt"
         
Ich hatte keine von den beschriebenen Problemen. also keine Programmabstürze oder Ähnliches.

Vielen Dank und besten Gruß

Oliver

Alt 14.08.2012, 15:58   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.08.2012, 13:36   #23
oliver56
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Hallo Arne,

hier das Log von Malewarebytes.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

17.08.2012 12:36:50
mbam-log-2012-08-17 (12-36-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|V:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351181
Laufzeit: 46 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\SoftonicDownloader_fuer_extensoft-free-video-converter.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
und hier der Log von Superantispyware. Das hatte ich als erstes laufen lassen.

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/17/2012 at 11:31 AM

Application Version : 5.5.1012

Core Rules Database Version : 9074
Trace Rules Database Version: 6886

Scan type       : Complete Scan
Total Scan Time : 01:37:10

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 680
Memory threats detected   : 0
Registry items scanned    : 68400
Registry threats detected : 0
File items scanned        : 144042
File threats detected     : 210

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\K6F04F47.txt [ /msnportal.112.2o7.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NN7Z1J85.txt [ /apmebf.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8DN7ZTM7.txt [ /de.sitestat.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\42TN3GTK.txt [ /mediaplex.com ]
	C:\USERS\***-TEAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\***-team@atdmt[1].txt [ Cookie:***-team@atdmt.com/ ]
	C:\USERS\***-TEAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\***-team@msnportal.112.2o7[1].txt [ Cookie:***-team@msnportal.112.2o7.net/ ]
	C:\USERS\***\Cookies\K6F04F47.txt [ Cookie:***@msnportal.112.2o7.net/ ]
	C:\USERS\***\Cookies\NN7Z1J85.txt [ Cookie:***@apmebf.com/ ]
	C:\USERS\***\Cookies\8DN7ZTM7.txt [ Cookie:***@de.sitestat.com/is24-mail/is24-mail/ ]
	.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.hardsextube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.nakedwomennude.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.2sexybikini.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.mobile.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.outdoorsmedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.sexshop-dildo-king.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.gamestats.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.gamestats.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.youpornzilla.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.youpornzilla.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	antipornography.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	antipornography.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.antipornography.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.antipornography.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.antipornography.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.antipornography.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	banner.testberichte.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	adserver.yopi.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	adserver.yopi.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.bizrate.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.linksynergy.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.linksynergy.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.linksynergy.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.dealtime.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.gamestats.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.gamestats.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.moviefind.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.moviefind.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.edge.download.newmedia.nacamar.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.edge.download.newmedia.nacamar.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.werbebanner24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.werbebanner24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mediamilkshake.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mediamilkshake.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	stats.admin.ammersee-segelschule.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	media-mgmt.armorgames.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.entrepreneurship.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.entrepreneurship.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.xxxdessert.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.xxxdessert.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.hardsextube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.hardsextube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	adserver.hardsextube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	insight.torbit.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tracker.icerocket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tracker.icerocket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HQ496ZL.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-SoftonicDownloader
	C:\USERS\***\DOWNLOADS\SOFTONICDOWNLOADER_FUER_EXTENSOFT-FREE-VIDEO-CONVERTER.EXE
	C:\USERS\***\DOWNLOADS\SOFTONICDOWNLOADER_FUER_VIDEOPAD-VIDEO-EDITOR.EXE
         
wieder einmal vielen Dank und besten Gruß

Oliver

Alt 17.08.2012, 20:44   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.VB.1624 und TR/Drop.Injector.filw - Standard

TR/Agent.VB.1624 und TR/Drop.Injector.filw



Code:
ATTFilter
C:\Users\***\Downloads\SoftonicDownloader_fuer_extensoft-free-video-converter.exe
         
Hast du dir schon wieder was von diesem Müllportal runtergeladen?!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Agent.VB.1624 und TR/Drop.Injector.filw
adobe, akamai, antivir, autorun, avast, avira, bho, excel, explorer, firefox, flash player, format, helper, logfile, mozilla, nicht möglich, plug-in, problem, programme, realtek, registry, scan, searchscopes, senden, software, sperrseite, t-mobile, task-manager, taskmanager, tr/agent.vb.1624 und tr/drop.injector.filw trojaner, windows




Ähnliche Themen: TR/Agent.VB.1624 und TR/Drop.Injector.filw


  1. TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417
    Log-Analyse und Auswertung - 04.08.2013 (28)
  2. Ukash Luxemb. Polizei Trojaner , Isass.exe, ctfmon.lon, TR/Drop.Injector.fydy Trojan
    Log-Analyse und Auswertung - 15.11.2012 (16)
  3. "TR/Drop.Injector.fkta" bei Windows Vista
    Log-Analyse und Auswertung - 11.09.2012 (13)
  4. TR/Drop.Injector.fonv.1, TR/Drop.Injector.fnus.1, EXP/2012-1723.DG.1
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (17)
  5. TR/Drop.injector.fkqc gefunden
    Log-Analyse und Auswertung - 08.08.2012 (4)
  6. drop.injector.firp und TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (10)
  7. Tr/drop.injector.firp auf PC
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  8. TR/Agent.379392.F, TR/Drop.Agent.dil, TR/Crypt.ZPACK.Gen2 bei AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (43)
  9. Nach klicken auf Facebooklink Viren TR/Injector.ACk und TR/Drop.Fignotok.A.11
    Log-Analyse und Auswertung - 16.10.2011 (3)
  10. Avirafund: TR/Drop.Agent.cxpr, JAVA/Agent.A, JAVA/Rowindal.C und andere
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (25)
  11. TR/Spy.Bebloh.A.59 TR und */Drop.Bebloh.7344 */Injector.AOC.3 und Abstürze
    Plagegeister aller Art und deren Bekämpfung - 18.05.2010 (33)
  12. Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)
    Log-Analyse und Auswertung - 08.01.2010 (39)
  13. drop agent gna 2
    Log-Analyse und Auswertung - 19.05.2009 (9)
  14. TR/Crypt.XPACK.Gen'/ TR/Drop.Agent.qkm/ TR/Drop.Mudr.CY.305...alles seit heut morgen!
    Plagegeister aller Art und deren Bekämpfung - 06.04.2009 (8)
  15. Trojanerfund Drop.Agent.dgo.8 und Drop.Agent.dgo.21
    Log-Analyse und Auswertung - 03.01.2008 (5)
  16. TR/Drop.Agent.ams
    Plagegeister aller Art und deren Bekämpfung - 04.06.2006 (5)
  17. TR\Drop.Agent.Ar
    Log-Analyse und Auswertung - 14.11.2004 (3)

Zum Thema TR/Agent.VB.1624 und TR/Drop.Injector.filw - Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis : Bitte den Virenscanner abstellen bevor du den - TR/Agent.VB.1624 und TR/Drop.Injector.filw...
Archiv
Du betrachtest: TR/Agent.VB.1624 und TR/Drop.Injector.filw auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.