
Pests of all kinds and how to combat them: Infected with Trojan.Ransom

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

11.09.2012, 16:00   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags
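
The OTL.txt that this scan produces lists one item per line (PRC, MOD, SRV, DRV, O4 and so on). As an added example, not part of the original post and not OTL's own code, the following Python script parses such lines and picks out entries worth a manual look. The sample lines are constructed, and the three review rules (missing target, empty company name, user-writable path) are assumed heuristics, not a malware verdict.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str    # PRC, MOD, SRV, DRV or O4
    path: str       # file the entry points at ("" if the log gives none)
    reasons: tuple  # why the entry deserves a manual look


# "<KIND> - [date time | size | attrs | M] (Company) [state] -- path [-- (name)]"
ITEM_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<head>.*?) -- (?P<path>.*?)"
    r"(?: -- \((?P<name>.*)\))?$")
# Company name inside the head part; may itself contain "(R)".
COMPANY_RE = re.compile(r"\] \((?P<company>.*?)\)(?= \[|$)")
# "O4 - <hive>..\Run: [value] target (Company)" or "... target File not found"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<value>[^\]]*)\]\s*(?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>.*?)\)$")

MISSING = "File not found"
# Assumed heuristic: locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def _reasons(path, company, missing):
    reasons = []
    if missing:
        reasons.append("target missing")        # orphaned service/autostart
    if company == "":
        reasons.append("no company name")       # file has no version info
    if any(part in path.lower() for part in USER_WRITABLE):
        reasons.append("user-writable path")
    return tuple(reasons)


def triage(log_text):
    """Return a Finding for every parsed line that matches a review rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        item = ITEM_RE.match(line)
        o4 = O4_RE.match(line)
        if item:
            section, path, head = item["kind"], item["path"], item["head"]
            missing = head.startswith(MISSING)
            m = COMPANY_RE.search(head)
            company = m["company"] if m else None
        elif o4:
            section, rest = "O4", o4["rest"]
            missing = rest.endswith(MISSING)
            if missing:
                path, company = rest[:-len(MISSING)].strip(), None
            else:
                m = TARGET_RE.match(rest)
                path, company = (m["path"], m["company"]) if m else (rest, None)
        else:
            continue  # headers, blank lines and sections not handled here
        reasons = _reasons(path, company, missing)
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


# Constructed sample lines in the layout of an OTL.txt (not taken from a real log).
SAMPLE_LOG = r"""
PRC - [2012.09.10 16:06:26 | 000,372,736 | ---- | M] (Example Vendor GmbH) -- C:\Programme\ExampleApp\app.exe
PRC - [2012.09.07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Users\demo\AppData\Roaming\helper.exe
SRV - [2012.05.02 00:35:17 | 000,110,032 | ---- | M] (Example Vendor GmbH) [Auto | Running] -- C:\Programme\ExampleApp\svc.exe -- (ExampleSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\example.sys -- (ExampleDrv)
DRV - [2011.02.24 12:05:16 | 000,269,824 | ---- | M] (Example(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\exaud.sys -- (ExAud)
O4 - HKLM..\Run: [app] C:\Program Files\ExampleApp\app.exe (Example Vendor GmbH)
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [upd] C:\Users\demo\AppData\Local\upd\upd.exe File not found
O4 - HKLM..\RunOnce: [setup] C:\Windows\is-DEMO.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {', '.join(f.reasons):40} {f.path}")
```

A flagged line is only a starting point for review: legitimate software also ships files without a company name or installs under a user profile.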

12.09.2012, 09:27   #17
tobias8311
 

Code:
OTL logfile created on: 12.09.2012 09:56:27 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 60,25% Memory free
5,82 Gb Paging File | 4,48 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 297,22 Gb Free Space | 63,81% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.12 09:54:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.10 16:06:26 | 000,372,736 | ---- | M] (Secure Banking) -- C:\Programme\Secure Banking\SecureBanking.exe
PRC - [2012.09.07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Programme\Secure Banking\sbservice.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.05 13:49:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.08.09 20:47:05 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.07.25 10:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.06.22 00:09:52 | 000,483,024 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.05.02 01:43:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:56:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:37:30 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.02 00:35:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:12:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.12.16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Programme\Secure Banking\sbservice.exe
MOD - [2012.09.07 17:30:22 | 000,016,384 | ---- | M] () -- C:\Programme\Secure Banking\SecureBanking.dll
MOD - [2012.09.05 20:49:54 | 000,008,704 | ---- | M] () -- C:\Programme\Secure Banking\funcs.dll
MOD - [2011.02.24 12:05:04 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 11:48:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 14:31:06 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.06.22 00:09:52 | 000,483,024 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.05.02 01:43:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:56:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:37:30 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.02 00:35:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 23:44:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.01.25 19:09:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\FscBapi.sys -- (FscBapi)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 17:34:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:34:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:21:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.05.18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.02.24 12:05:16 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.12.15 14:17:14 | 000,010,880 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SysmonCharos.sys -- (SysmonCharos)
DRV - [2010.12.15 14:16:26 | 000,011,008 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FscEfDmi.sys -- (FscEfDmi)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.17 19:13:58 | 000,078,648 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.08.20 08:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.04.14 21:57:10 | 000,009,760 | ---- | M] () [Kernel | System | Running] -- C:\Programme\i-Menu\hugoio.sys -- (hugoio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 13 93 4F 8A D3 CC 01  [binary data]
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 3F A6 AB 59 5C CD 01  [binary data]
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 16:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 11:48:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.09.05 13:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.07 09:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\razzfai9.default\extensions
[2012.09.07 09:05:56 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\razzfai9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.07 11:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 11:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.07 11:48:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe File not found
O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001..\Run: [SecureBanking] C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-3HHJG.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secure Banking.lnk = C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CCEBFA-63F1-4591-BBA1-4114DC5B7DC7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.25 19:34:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: SpywareTerminatorShield - hkey= - key= - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {02C8D987-4AAA-5F58-9092-78F2EB0E5B8C} - Microsoft Windows Media Player 12.0
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1867A934-3976-E76C-0C9B-6BD38781E6EF} - Microsoft Windows Media Player 12.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6A13367F-7535-7A67-7FD9-52350883F659} - Microsoft Windows Media Player 12.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B5E9B599-90D9-7606-C8EF-5DACFAB4BBEA} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D3B08A86-EBF0-8FCB-BF9B-3D3F11A8AE86} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F8E62A07-BED1-4E1A-AC6E-A15CB7E2FAF8} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 22:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2012.09.07 11:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.06 21:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.06 21:30:25 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.09.06 08:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.09.05 13:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.09.05 13:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.09.05 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.09.05 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.09.05 13:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.05 11:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.09.05 10:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.05 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.05 10:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2012.09.04 16:02:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.08.30 09:30:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RealNetworks
[2012.08.30 09:27:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\WindowsUpdate
[2012.08.30 09:24:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 09:22:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.12 09:08:10 | 000,015,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.12 09:08:10 | 000,015,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.12 09:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.12 09:04:00 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.12 09:04:00 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.12 09:04:00 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.12 09:04:00 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.12 08:58:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.12 08:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.12 08:57:07 | 2342,313,984 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.11 10:18:09 | 000,711,240 | ---- | M] () -- C:\Windows\is-3HHJG.exe
[2012.09.11 10:18:09 | 000,012,842 | ---- | M] () -- C:\Windows\is-3HHJG.msg
[2012.09.11 10:18:09 | 000,001,124 | ---- | M] () -- C:\Users\***\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.11 10:18:09 | 000,000,380 | ---- | M] () -- C:\Windows\is-3HHJG.lst
[2012.09.10 22:39:35 | 000,001,089 | ---- | M] () -- C:\Users\***\Desktop\Secure Banking.lnk
[2012.09.10 15:06:21 | 000,512,399 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner2.001.exe
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 21:30:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.09.05 13:50:12 | 000,001,381 | ---- | M] () -- C:\Users\***\Desktop\RealPlayer.lnk
[2012.09.05 13:49:48 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.09.05 11:06:10 | 000,001,121 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.09.05 10:53:44 | 000,001,145 | ---- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2012.08.30 12:03:07 | 000,007,596 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.08.30 11:28:58 | 000,482,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.28 13:44:01 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
 
========== Files Created - No Company Name ==========
 
[2012.09.11 10:18:09 | 000,711,240 | ---- | C] () -- C:\Windows\is-3HHJG.exe
[2012.09.11 10:18:09 | 000,012,842 | ---- | C] () -- C:\Windows\is-3HHJG.msg
[2012.09.11 10:18:09 | 000,000,380 | ---- | C] () -- C:\Windows\is-3HHJG.lst
[2012.09.10 22:39:35 | 000,001,089 | ---- | C] () -- C:\Users\***\Desktop\Secure Banking.lnk
[2012.09.10 15:06:17 | 000,512,399 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner2.001.exe
[2012.09.05 13:50:12 | 000,001,381 | ---- | C] () -- C:\Users\***\Desktop\RealPlayer.lnk
[2012.09.05 11:06:10 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.09.05 11:06:10 | 000,001,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.09.05 10:53:44 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.05 10:53:44 | 000,001,145 | ---- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2012.08.30 12:03:07 | 000,007,596 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.08.30 09:31:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 13:44:01 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.10 14:15:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.07.10 08:04:12 | 000,000,063 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.26 16:07:56 | 000,000,019 | ---- | C] () -- C:\Windows\licdat64.ini
[2012.03.19 23:26:06 | 000,963,912 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.03.19 23:26:06 | 000,261,208 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.03.19 22:11:22 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.03.19 22:09:28 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.02.17 14:24:14 | 000,000,055 | ---- | C] () -- C:\Windows\System32\BRDH2240D.DAT
[2012.01.25 19:10:17 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.01.15 16:32:49 | 000,239,285 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2012.01.15 16:32:49 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.01.15 16:07:59 | 000,238,303 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.01.15 15:20:44 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe
[2012.01.14 20:05:33 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.24 12:05:06 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.02.24 12:05:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== LOP Check ==========
 
[2012.07.10 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2012.02.29 20:51:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2012.06.18 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.01.22 11:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.01.22 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.23 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.02.03 23:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2012.01.22 11:58:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek
[2012.02.21 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SKAT
[2012.07.20 11:41:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.10 07:56:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.19 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2012.06.17 12:34:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.07.07 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.07.09 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.07.10 18:56:47 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.09.05 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.09.05 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2012.08.30 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RealNetworks
[2012.07.10 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2012.07.07 18:00:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.09.05 13:35:58 | 000,654,488 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\RealPlayer\setup\AU_setup20120730.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\ProgramData\Fujitsu\DeskUpdate\1057070\iaStor.sys
[2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Users\All Users\Fujitsu\DeskUpdate\1057070\iaStor.sys
[2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         


Alt 12.09.2012, 14:08   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.25 19:34:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.09.11 10:18:09 | 000,711,240 | ---- | C] () -- C:\Windows\is-3HHJG.exe
[2012.09.11 10:18:09 | 000,012,842 | ---- | C] () -- C:\Windows\is-3HHJG.msg
[2012.09.11 10:18:09 | 000,000,380 | ---- | C] () -- C:\Windows\is-3HHJG.lst
:Files
C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 19.09.2012, 08:15   #19
tobias8311
 



Hello,
unfortunately this took a while - our internet line was down - now I'm back online.

I copied the text into OTL, then the fix ran, and after that I had to restart. Here is the log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1529088095-4209079008-1077400495-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SyncHostps deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
C:\autoexec.bat moved successfully.
C:\Windows\is-3HHJG.exe moved successfully.
C:\Windows\is-3HHJG.msg moved successfully.
C:\Windows\is-3HHJG.lst moved successfully.
========== FILES ==========
C:\Users\***\AppData\Local\Microsoft\Windows\4870 folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: ***
->Temp folder emptied: 152692779 bytes
->Temporary Internet Files folder emptied: 77225441 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75288726 bytes
->Flash cache emptied: 745 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 311553046 bytes
->Temporary Internet Files folder emptied: 55130975 bytes
->Java cache emptied: 3795764 bytes
->FireFox cache emptied: 514610114 bytes
->Flash cache emptied: 2078 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13075079 bytes
RecycleBin emptied: 1107 bytes
 
Total Files Cleaned = 1.148,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09122012_154341

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 19.09.2012, 15:49   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!


__________________
Please always post log files in CODE tags

Alt 19.09.2012, 16:07   #21
tobias8311
 



What does "normal Windows mode" mean:
- start Windows normally, or
- the difference between administrator and limited user?

Alt 19.09.2012, 19:33   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



By normal mode I mean the opposite of safe mode - that is, start Windows normally.
That you need admin rights for our tools goes without saying.

Alt 19.09.2012, 20:09   #23
tobias8311
 



Code:
ATTFilter
21:02:54.0574 0248  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:02:54.0574 0248  ============================================================
21:02:54.0574 0248  Current date / time: 2012/09/19 21:02:54.0574
21:02:54.0574 0248  SystemInfo:
21:02:54.0574 0248  
21:02:54.0574 0248  OS Version: 6.1.7601 ServicePack: 1.0
21:02:54.0574 0248  Product type: Workstation
21:02:54.0574 0248  ComputerName: ***-PC-TOWER
21:02:54.0574 0248  UserName: ***
21:02:54.0574 0248  Windows directory: C:\Windows
21:02:54.0574 0248  System windows directory: C:\Windows
21:02:54.0574 0248  Processor architecture: Intel x86
21:02:54.0574 0248  Number of processors: 4
21:02:54.0574 0248  Page size: 0x1000
21:02:54.0574 0248  Boot type: Normal boot
21:02:54.0574 0248  ============================================================
21:02:55.0182 0248  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:02:55.0198 0248  ============================================================
21:02:55.0198 0248  \Device\Harddisk0\DR0:
21:02:55.0198 0248  MBR partitions:
21:02:55.0198 0248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:02:55.0198 0248  ============================================================
21:02:55.0260 0248  C: <-> \Device\Harddisk0\DR0\Partition1
21:02:55.0260 0248  ============================================================
21:02:55.0260 0248  Initialize success
21:02:55.0260 0248  ============================================================
21:03:20.0454 3968  ============================================================
21:03:20.0454 3968  Scan started
21:03:20.0454 3968  Mode: Manual; SigCheck; TDLFS; 
21:03:20.0454 3968  ============================================================
21:03:20.0766 3968  ================ Scan system memory ========================
21:03:20.0766 3968  System memory - ok
21:03:20.0766 3968  ================ Scan services =============================
21:03:20.0907 3968  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:03:21.0000 3968  1394ohci - ok
21:03:21.0031 3968  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:03:21.0047 3968  ACPI - ok
21:03:21.0078 3968  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:03:21.0156 3968  AcpiPmi - ok
21:03:21.0234 3968  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:03:21.0250 3968  AdobeARMservice - ok
21:03:21.0297 3968  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:03:21.0312 3968  AdobeFlashPlayerUpdateSvc - ok
21:03:21.0359 3968  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:03:21.0375 3968  adp94xx - ok
21:03:21.0390 3968  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:03:21.0406 3968  adpahci - ok
21:03:21.0421 3968  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:03:21.0421 3968  adpu320 - ok
21:03:21.0437 3968  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:03:21.0468 3968  AeLookupSvc - ok
21:03:21.0499 3968  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:03:21.0531 3968  AFD - ok
21:03:21.0546 3968  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:03:21.0562 3968  agp440 - ok
21:03:21.0593 3968  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:03:21.0624 3968  aic78xx - ok
21:03:21.0640 3968  [ 45F65F2F7AE28E5E56AB64E3AC61BD52 ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
21:03:21.0702 3968  aksfridge - ok
21:03:21.0749 3968  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:03:21.0796 3968  ALG - ok
21:03:21.0843 3968  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:03:21.0858 3968  aliide - ok
21:03:21.0874 3968  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:03:21.0889 3968  amdagp - ok
21:03:21.0889 3968  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:03:21.0921 3968  amdide - ok
21:03:21.0936 3968  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:03:21.0983 3968  AmdK8 - ok
21:03:21.0999 3968  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:03:22.0014 3968  AmdPPM - ok
21:03:22.0030 3968  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:03:22.0045 3968  amdsata - ok
21:03:22.0061 3968  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:03:22.0061 3968  amdsbs - ok
21:03:22.0077 3968  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:03:22.0092 3968  amdxata - ok
21:03:22.0170 3968  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
21:03:22.0186 3968  AntiVirMailService - ok
21:03:22.0201 3968  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:03:22.0217 3968  AntiVirSchedulerService - ok
21:03:22.0217 3968  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:03:22.0233 3968  AntiVirService - ok
21:03:22.0248 3968  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:03:22.0264 3968  AntiVirWebService - ok
21:03:22.0295 3968  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:03:22.0357 3968  AppID - ok
21:03:22.0373 3968  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:03:22.0420 3968  AppIDSvc - ok
21:03:22.0451 3968  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:03:22.0498 3968  Appinfo - ok
21:03:22.0513 3968  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:03:22.0529 3968  arc - ok
21:03:22.0545 3968  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:03:22.0560 3968  arcsas - ok
21:03:22.0654 3968  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:03:22.0685 3968  aspnet_state - ok
21:03:22.0685 3968  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:03:22.0763 3968  AsyncMac - ok
21:03:22.0794 3968  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:03:22.0810 3968  atapi - ok
21:03:22.0841 3968  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:03:22.0888 3968  AudioEndpointBuilder - ok
21:03:22.0888 3968  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:03:22.0919 3968  Audiosrv - ok
21:03:22.0981 3968  [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
21:03:23.0013 3968  Autodesk Content Service - ok
21:03:23.0028 3968  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:03:23.0044 3968  avgntflt - ok
21:03:23.0075 3968  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:03:23.0091 3968  avipbb - ok
21:03:23.0106 3968  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:03:23.0137 3968  avkmgr - ok
21:03:23.0184 3968  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:03:23.0262 3968  AxInstSV - ok
21:03:23.0293 3968  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:03:23.0356 3968  b06bdrv - ok
21:03:23.0371 3968  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:03:23.0418 3968  b57nd60x - ok
21:03:23.0434 3968  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:03:23.0496 3968  BDESVC - ok
21:03:23.0512 3968  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:03:23.0574 3968  Beep - ok
21:03:23.0605 3968  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:03:23.0637 3968  BFE - ok
21:03:23.0668 3968  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:03:23.0715 3968  BITS - ok
21:03:23.0715 3968  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:03:23.0730 3968  blbdrive - ok
21:03:23.0746 3968  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:03:23.0761 3968  bowser - ok
21:03:23.0777 3968  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:03:23.0839 3968  BrFiltLo - ok
21:03:23.0855 3968  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:03:23.0886 3968  BrFiltUp - ok
21:03:23.0917 3968  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:03:23.0949 3968  Browser - ok
21:03:23.0964 3968  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:03:24.0011 3968  Brserid - ok
21:03:24.0011 3968  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:03:24.0042 3968  BrSerWdm - ok
21:03:24.0058 3968  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:03:24.0105 3968  BrUsbMdm - ok
21:03:24.0120 3968  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:03:24.0151 3968  BrUsbSer - ok
21:03:24.0214 3968  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
21:03:24.0229 3968  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:03:24.0229 3968  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:03:24.0245 3968  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:03:24.0261 3968  BTHMODEM - ok
21:03:24.0292 3968  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:03:24.0354 3968  bthserv - ok
21:03:24.0417 3968  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:03:24.0479 3968  cdfs - ok
21:03:24.0495 3968  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:03:24.0541 3968  cdrom - ok
21:03:24.0573 3968  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:03:24.0619 3968  CertPropSvc - ok
21:03:24.0651 3968  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:03:24.0682 3968  circlass - ok
21:03:24.0713 3968  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:03:24.0744 3968  CLFS - ok
21:03:24.0869 3968  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:03:24.0885 3968  clr_optimization_v2.0.50727_32 - ok
21:03:24.0916 3968  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:03:24.0931 3968  clr_optimization_v4.0.30319_32 - ok
21:03:24.0947 3968  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:03:24.0963 3968  CmBatt - ok
21:03:24.0978 3968  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:03:24.0994 3968  cmdide - ok
21:03:25.0025 3968  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:03:25.0056 3968  CNG - ok
21:03:25.0072 3968  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:03:25.0072 3968  Compbatt - ok
21:03:25.0119 3968  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:03:25.0150 3968  CompositeBus - ok
21:03:25.0165 3968  COMSysApp - ok
21:03:25.0212 3968  [ 085D4E5714BC641286C43239E8CB267F ] cphs            C:\Windows\system32\IntelCpHeciSvc.exe
21:03:25.0228 3968  cphs - ok
21:03:25.0259 3968  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:03:25.0275 3968  crcdisk - ok
21:03:25.0306 3968  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:03:25.0353 3968  CryptSvc - ok
21:03:25.0399 3968  [ 7CAAF4AF453EF3582FEF65DD72CAA0AA ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
21:03:25.0431 3968  dc3d - ok
21:03:25.0462 3968  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:03:25.0509 3968  DcomLaunch - ok
21:03:25.0524 3968  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:03:25.0571 3968  defragsvc - ok
21:03:25.0602 3968  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:03:25.0633 3968  DfsC - ok
21:03:25.0665 3968  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:03:25.0711 3968  Dhcp - ok
21:03:25.0727 3968  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:03:25.0758 3968  discache - ok
21:03:25.0789 3968  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:03:25.0789 3968  Disk - ok
21:03:25.0821 3968  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:03:25.0836 3968  Dnscache - ok
21:03:25.0867 3968  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:03:25.0899 3968  dot3svc - ok
21:03:25.0930 3968  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:03:25.0961 3968  Dot4 - ok
21:03:25.0992 3968  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
21:03:26.0023 3968  Dot4Print - ok
21:03:26.0039 3968  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:03:26.0086 3968  dot4usb - ok
21:03:26.0101 3968  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:03:26.0133 3968  DPS - ok
21:03:26.0164 3968  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:03:26.0195 3968  drmkaud - ok
21:03:26.0226 3968  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:03:26.0257 3968  DXGKrnl - ok
21:03:26.0273 3968  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:03:26.0320 3968  EapHost - ok
21:03:26.0413 3968  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:03:26.0507 3968  ebdrv - ok
21:03:26.0523 3968  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:03:26.0554 3968  EFS - ok
21:03:26.0601 3968  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:03:26.0647 3968  ehRecvr - ok
21:03:26.0663 3968  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:03:26.0710 3968  ehSched - ok
21:03:26.0741 3968  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
21:03:26.0757 3968  ElbyCDIO - ok
21:03:26.0803 3968  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:03:26.0835 3968  elxstor - ok
21:03:26.0850 3968  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:03:26.0866 3968  ErrDev - ok
21:03:26.0913 3968  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:03:26.0959 3968  EventSystem - ok
21:03:26.0991 3968  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:03:27.0037 3968  exfat - ok
21:03:27.0069 3968  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:03:27.0115 3968  fastfat - ok
21:03:27.0147 3968  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:03:27.0193 3968  Fax - ok
21:03:27.0209 3968  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:03:27.0240 3968  fdc - ok
21:03:27.0256 3968  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:03:27.0287 3968  fdPHost - ok
21:03:27.0303 3968  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:03:27.0334 3968  FDResPub - ok
21:03:27.0349 3968  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:03:27.0365 3968  FileInfo - ok
21:03:27.0365 3968  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:03:27.0412 3968  Filetrace - ok
21:03:27.0459 3968  [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:03:27.0490 3968  FLEXnet Licensing Service - ok
21:03:27.0521 3968  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:03:27.0552 3968  flpydisk - ok
21:03:27.0583 3968  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:03:27.0599 3968  FltMgr - ok
21:03:27.0630 3968  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:03:27.0661 3968  FontCache - ok
21:03:27.0708 3968  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:03:27.0724 3968  FontCache3.0.0.0 - ok
21:03:27.0739 3968  FscBapi - ok
21:03:27.0755 3968  [ 578CB7252D3C807E145D5B1E18423A2E ] FscEfDmi        C:\Windows\system32\DRIVERS\FscEfDmi.sys
21:03:27.0802 3968  FscEfDmi - ok
21:03:27.0817 3968  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:03:27.0833 3968  FsDepends - ok
21:03:27.0849 3968  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:03:27.0880 3968  Fs_Rec - ok
21:03:27.0911 3968  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:03:27.0927 3968  fvevol - ok
21:03:27.0958 3968  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:03:27.0973 3968  gagp30kx - ok
21:03:28.0005 3968  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:03:28.0051 3968  gpsvc - ok
21:03:28.0114 3968  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:28.0129 3968  gupdate - ok
21:03:28.0129 3968  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:28.0145 3968  gupdatem - ok
21:03:28.0176 3968  [ 995178A443B07FA9EEAEA041D7B4B5CA ] hardlock        C:\Windows\system32\drivers\hardlock.sys
21:03:28.0239 3968  hardlock - ok
21:03:28.0239 3968  hasplms - ok
21:03:28.0254 3968  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:03:28.0301 3968  hcw85cir - ok
21:03:28.0332 3968  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:03:28.0363 3968  HdAudAddService - ok
21:03:28.0379 3968  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:03:28.0410 3968  HDAudBus - ok
21:03:28.0441 3968  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:03:28.0473 3968  HidBatt - ok
21:03:28.0488 3968  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:03:28.0519 3968  HidBth - ok
21:03:28.0535 3968  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:03:28.0566 3968  HidIr - ok
21:03:28.0582 3968  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:03:28.0644 3968  hidserv - ok
21:03:28.0675 3968  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:03:28.0707 3968  HidUsb - ok
21:03:28.0722 3968  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:03:28.0769 3968  hkmsvc - ok
21:03:28.0785 3968  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:03:28.0816 3968  HomeGroupListener - ok
21:03:28.0847 3968  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:03:28.0863 3968  HomeGroupProvider - ok
21:03:29.0019 3968  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:03:29.0050 3968  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0050 3968  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:03:29.0081 3968  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:03:29.0097 3968  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0097 3968  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:03:29.0143 3968  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:03:29.0159 3968  HpSAMD - ok
21:03:29.0190 3968  [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:03:29.0206 3968  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0206 3968  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:03:29.0253 3968  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:03:29.0284 3968  HTTP - ok
21:03:29.0315 3968  [ 7DECCB2612255F4B538976AD25DA0D29 ] hugoio          C:\Program Files\i-Menu\hugoio.sys
21:03:29.0331 3968  hugoio - ok
21:03:29.0331 3968  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:03:29.0331 3968  hwpolicy - ok
21:03:29.0362 3968  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:03:29.0393 3968  i8042prt - ok
21:03:29.0440 3968  [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:03:29.0455 3968  iaStor - ok
21:03:29.0502 3968  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:03:29.0518 3968  iaStorV - ok
21:03:29.0580 3968  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:03:29.0611 3968  idsvc - ok
21:03:29.0799 3968  [ 0FEB90F92A8AB77A7E5E6BA052138351 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:03:30.0064 3968  igfx - ok
21:03:30.0111 3968  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:03:30.0126 3968  iirsp - ok
21:03:30.0157 3968  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:03:30.0189 3968  IKEEXT - ok
21:03:30.0282 3968  [ B44C0357D1FC7C9E4C0B0983A9E96FF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:03:30.0360 3968  IntcAzAudAddService - ok
21:03:30.0376 3968  [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:03:30.0407 3968  IntcDAud - ok
21:03:30.0423 3968  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:03:30.0438 3968  intelide - ok
21:03:30.0485 3968  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:03:30.0501 3968  intelppm - ok
21:03:30.0516 3968  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:03:30.0579 3968  IPBusEnum - ok
21:03:30.0594 3968  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:03:30.0641 3968  IpFilterDriver - ok
21:03:30.0688 3968  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:03:30.0735 3968  iphlpsvc - ok
21:03:30.0766 3968  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:03:30.0766 3968  IPMIDRV - ok
21:03:30.0781 3968  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:03:30.0828 3968  IPNAT - ok
21:03:30.0859 3968  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:03:30.0891 3968  IRENUM - ok
21:03:30.0937 3968  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:03:30.0937 3968  isapnp - ok
21:03:30.0969 3968  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:03:30.0969 3968  iScsiPrt - ok
21:03:31.0000 3968  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:03:31.0015 3968  kbdclass - ok
21:03:31.0031 3968  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:03:31.0047 3968  kbdhid - ok
21:03:31.0062 3968  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:03:31.0078 3968  KeyIso - ok
21:03:31.0093 3968  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:03:31.0109 3968  KSecDD - ok
21:03:31.0125 3968  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:03:31.0140 3968  KSecPkg - ok
21:03:31.0156 3968  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:03:31.0187 3968  KtmRm - ok
21:03:31.0203 3968  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:03:31.0218 3968  LanmanServer - ok
21:03:31.0218 3968  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:03:31.0249 3968  LanmanWorkstation - ok
21:03:31.0281 3968  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:03:31.0327 3968  lltdio - ok
21:03:31.0359 3968  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:03:31.0390 3968  lltdsvc - ok
21:03:31.0405 3968  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:03:31.0437 3968  lmhosts - ok
21:03:31.0452 3968  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:03:31.0468 3968  LSI_FC - ok
21:03:31.0483 3968  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:03:31.0499 3968  LSI_SAS - ok
21:03:31.0515 3968  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:03:31.0530 3968  LSI_SAS2 - ok
21:03:31.0546 3968  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:03:31.0561 3968  LSI_SCSI - ok
21:03:31.0577 3968  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:03:31.0608 3968  luafv - ok
21:03:31.0639 3968  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:03:31.0655 3968  MBAMProtector - ok
21:03:31.0717 3968  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:03:31.0733 3968  MBAMScheduler - ok
21:03:31.0764 3968  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:03:31.0795 3968  MBAMService - ok
21:03:31.0811 3968  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:03:31.0858 3968  Mcx2Svc - ok
21:03:31.0889 3968  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:03:31.0905 3968  megasas - ok
21:03:31.0936 3968  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:03:31.0951 3968  MegaSR - ok
21:03:31.0967 3968  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:03:32.0014 3968  MMCSS - ok
21:03:32.0014 3968  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:03:32.0045 3968  Modem - ok
21:03:32.0076 3968  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:03:32.0092 3968  monitor - ok
21:03:32.0107 3968  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:03:32.0123 3968  mouclass - ok
21:03:32.0139 3968  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:03:32.0170 3968  mouhid - ok
21:03:32.0185 3968  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:03:32.0201 3968  mountmgr - ok
21:03:32.0248 3968  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:03:32.0263 3968  MozillaMaintenance - ok
21:03:32.0279 3968  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:03:32.0310 3968  mpio - ok
21:03:32.0326 3968  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:03:32.0388 3968  mpsdrv - ok
21:03:32.0419 3968  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:03:32.0466 3968  MpsSvc - ok
21:03:32.0482 3968  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:03:32.0497 3968  MRxDAV - ok
21:03:33.0808 3968  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:03:33.0808 3968  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:03:33.0808 3968  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:03:35.0742 3968  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:03:35.0758 3968  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:03:35.0758 3968  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:03:39.0237 3968  [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2       C:\Windows\system32\drivers\sp_rsdrv2.sys
21:03:39.0252 3968  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
21:03:39.0252 3968  sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
21:03:44.0260 3968  ================ Scan global ===============================
21:03:44.0275 3968  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:03:44.0291 3968  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:03:44.0307 3968  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:03:44.0322 3968  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:03:44.0338 3968  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:03:44.0353 3968  [Global] - ok
21:03:44.0353 3968  ================ Scan MBR ==================================
21:03:44.0353 3968  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:03:44.0759 3968  \Device\Harddisk0\DR0 - ok
21:03:44.0759 3968  ================ Scan VBR ==================================
21:03:44.0759 3968  [ FA4F1FDC3D8B868E67A81228CBFBD665 ] \Device\Harddisk0\DR0\Partition1
21:03:44.0759 3968  \Device\Harddisk0\DR0\Partition1 - ok
21:03:44.0759 3968  ============================================================
21:03:44.0759 3968  Scan finished
21:03:44.0759 3968  ============================================================
21:03:44.0775 6044  Detected object count: 7
21:03:44.0775 6044  Actual detected object count: 7
21:04:59.0171 6044  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0171 6044  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:59.0171 6044  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0171 6044  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:59.0171 6044  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0171 6044  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:59.0171 6044  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0171 6044  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:59.0187 6044  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0187 6044  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:59.0187 6044  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0187 6044  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:04:59.0187 6044  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:59.0187 6044  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

20.09.2012, 11:21   #24
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

20.09.2012, 19:33   #25
tobias8311

Code:
ATTFilter
ComboFix 12-09-20.02 - Admin 20.09.2012  20:21:27.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2978.2010 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-20 bis 2012-09-20  ))))))))))))))))))))))))))))))
.
.
2012-09-20 18:26 . 2012-09-20 18:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-19 19:28 . 2012-09-19 19:28	--------	d-----w-	c:\users\***
2012-09-19 19:01 . 2012-09-19 19:01	--------	d-----w-	c:\users\***\AppData\Local\ElevatedDiagnostics
2012-09-12 14:05 . 2012-09-12 14:05	--------	d-----w-	c:\users\***\AppData\Local\Diagnostics
2012-09-12 13:43 . 2012-09-12 13:43	--------	d-----w-	C:\_OTL
2012-09-12 06:51 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 06:51 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:51 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 06:51 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:51 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 06:51 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-06 19:31 . 2012-09-06 19:31	--------	d-----w-	c:\program files\ESET
2012-09-06 06:36 . 2012-09-06 06:36	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-09-05 12:31 . 2012-09-05 12:31	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-09-05 11:50 . 2012-09-05 11:50	--------	d-----w-	c:\program files\Common Files\xing shared
2012-09-05 11:32 . 2012-09-05 11:32	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2012-09-05 11:26 . 2012-09-05 11:26	--------	d-----w-	c:\program files\Common Files\Java
2012-09-05 11:25 . 2012-09-05 11:25	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-05 09:06 . 2012-09-05 09:06	--------	d-----w-	c:\program files\Secunia
2012-09-05 08:53 . 2012-09-05 08:53	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2012-09-05 08:53 . 2012-09-07 17:49	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-08-30 09:20 . 2012-08-30 09:20	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-08-30 07:42 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-30 07:42 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-30 07:40 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-30 07:30 . 2012-08-30 07:30	--------	d-----w-	c:\users\***\AppData\Roaming\RealNetworks
2012-08-30 07:27 . 2012-08-30 07:27	--------	d-----w-	c:\users\***\AppData\Local\WindowsUpdate
2012-08-30 07:24 . 2012-08-30 07:24	--------	d-----w-	c:\users\***\AppData\Local\Secunia PSI
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2012-07-09 20:47	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-05 12:31 . 2012-07-13 11:06	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-05 12:31 . 2012-01-15 13:06	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 11:49 . 2009-05-21 19:21	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-09-05 11:49 . 2009-05-21 17:57	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-09-05 11:25 . 2012-01-22 15:57	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-18 17:47 . 2012-08-14 20:06	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-14 20:06	41984	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-14 20:06	102912	----a-w-	c:\windows\system32\browser.dll
2012-06-29 00:16 . 2012-08-15 16:12	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-15 16:12	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-15 16:12	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 16:12	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 16:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
2012-09-07 09:48 . 2012-09-07 09:48	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecureBanking"="c:\program files\Secure Banking\SecureBanking.exe" [2012-09-10 372736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 187672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-09-05 296096]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secure Banking.lnk - c:\program files\Secure Banking\SecureBanking.exe [2012-9-10 372736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
2012-06-21 22:09	2786512	----a-w-	c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-05 11:49	296096	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [x]
R3 FscBapi;FscBapi;c:\windows\system32\DRIVERS\FscBapi.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 hugoio;hugoio;c:\program files\i-Menu\hugoio.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 FscEfDmi;FscEfDmi;c:\windows\system32\DRIVERS\FscEfDmi.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SysmonCharos;SysmonCharos;c:\windows\system32\DRIVERS\SysmonCharos.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 12:31]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-28 15:05]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-28 15:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\razzfai9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-20  20:27:44
ComboFix-quarantined-files.txt  2012-09-20 18:27
.
Vor Suchlauf: 11 Verzeichnis(se), 320.150.065.152 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 320.048.041.984 Bytes frei
.
- - End Of File - - A5677F3CE9461251647BC32F9D2C60C9
         

21.09.2012, 11:44   #26
cosinus

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press one of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

21.09.2012, 18:31   #27
tobias8311

aswMBR showed the error message described; the scan was then run with "none".

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-21 18:05:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500DM0 rev.KC44
Running: 0e3f691p.exe; Driver: C:\Users\***\AppData\Local\Temp\afriiuoc.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwClose [0x8F8FE444]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwCreateFile [0x8F8FDC8A]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwCreateKey [0x8F8FD958]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwCreateSection [0x8F8FF520]
SSDT                                                                                                                                  90ECE4B6                                                                                              ZwCreateSymbolicLinkObject
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwDeleteKey [0x8F8FDA68]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwDeleteValueKey [0x8F8FDB5A]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwLoadDriver [0x8F8FE780]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwOpenFile [0x8F8FDF9C]
SSDT                                                                                                                                  90ECE4B1                                                                                              ZwOpenSection
SSDT                                                                                                                                  90ECE4E8                                                                                              ZwRequestWaitReplyPort
SSDT                                                                                                                                  90ECE4E3                                                                                              ZwSetContextThread
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwSetInformationFile [0x8F8FE0D2]
SSDT                                                                                                                                  90ECE4ED                                                                                              ZwSetSecurityObject
SSDT                                                                                                                                  90ECE4C0                                                                                              ZwSetSystemInformation
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwSetValueKey [0x8F8FD77E]
SSDT                                                                                                                                  90ECE4F2                                                                                              ZwSystemDebugControl
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwTerminateProcess [0x8F8FE6C8]
SSDT                                                                                                                                  \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                         ZwWriteFile [0x8F8FE2BC]
SSDT                                                                                                                                  90ECE47A                                                                                              ZwWriteVirtualMemory
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                          ZwOpenKey [0x82E4AFE7]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82E4AFE7]                                         ZwOpenKey [0x82E4AFE7]

INT 0x03                                                                                                                              \SystemRoot\system32\ntkrnlpa.exe[unknown section]                                                    82E4AFFB

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                              82E883C9 1 Byte  [06]
.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                82EC1D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                   82EC8E24 4 Bytes  [44, E4, 8F, 8F]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11AF                                                                   82EC8E64 4 Bytes  [8A, DC, 8F, 8F]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11BF                                                                   82EC8E74 4 Bytes  [58, D9, 8F, 8F]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                   82EC8EAC 4 Bytes  [20, F5, 8F, 8F]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                   82EC8EB4 4 Bytes  [B6, E4, EC, 90] {MOV DH, 0xe4; IN AL, DX ; NOP }
.text                                                                                                                                 ...                                                                                                   
.text                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                             section is writeable [0x9A421000, 0x49379, 0xE0000020]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                             entry point in ".init" section [0x9A477224]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                             unknown last code section [0x9A477000, 0x4000, 0xE20000E0]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                              section is writeable [0x9A47B400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A505C20]  C:\Windows\system32\drivers\hardlock.sys                                                              entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A505C20]
.protectÿÿÿÿhardlockunknown last code section [0x9A505A00, 0x50CA, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                              unknown last code section [0x9A505A00, 0x50CA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Program Files\Real\RealPlayer\Update\realsched.exe[2308] kernel32.dll!SetUnhandledExceptionFilter  7726F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                       [744724CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [7445562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                 [744556EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [74472546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [744685AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [74464D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]               [74465105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [744651DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]     [74466707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]               [74468301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [74468850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [744690B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [7446E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [74464C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\ACPI_HAL \Device\0000004c                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device                                                                                                                                \Driver\Disk \Device\Harddisk0\DR0                                                                    aksfridge.sys

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:13:02 on 21.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"afriiuoc" (afriiuoc) - ? - C:\Users\***\AppData\Local\Temp\afriiuoc.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FscBapi" (FscBapi) - ? - C:\Windows\System32\DRIVERS\FscBapi.sys  (File not found)
"hugoio" (hugoio) - ? - C:\Program Files\i-Menu\hugoio.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"Spyware Terminator 2012 Realtime Shield Driver" (sp_rsdrv2) - ? - C:\Windows\system32\drivers\sp_rsdrv2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WIBU-KEY Kernel Driver" (WIBUKEY) - "WIBU-SYSTEMS AG" - C:\Windows\System32\DRIVERS\WibuKey.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{9F2C5BFD-3CB1-419F-9F5F-90B32ADD5BA8} "AdpShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Shell\AdpWShellExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F32C83B9-DF1D-42AD-9741-C52909703957} "STShellHandler" - "Crawler.com" - C:\Program Files\Spyware Terminator\STShell.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_265.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SecureBanking" - ? - C:\Program Files\Secure Banking\SecureBanking.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BrStsMon00" - "Brother Industries, Ltd." - C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Autodesk Content Service" (Autodesk Content Service) - ? - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Program Files\Browny02\BrYNSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Flexera Software, Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"Spyware Terminator 2012 Realtime Shield Service" (ST2012_Svc) - "Crawler.com" - C:\Program Files\Spyware Terminator\st_rsser.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 19:20:30
-----------------------------
19:20:30.047    OS Version: Windows 6.1.7601 Service Pack 1
19:20:30.047    Number of processors: 4 586 0x2A07
19:20:30.048    ComputerName: ***  UserName: ***
19:20:33.236    Initialize success
19:20:37.751    AVAST engine defs: 12092100
19:20:48.660    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:20:48.661    Disk 0 Vendor: ST500DM0 KC44 Size: 476940MB BusType: 3
19:20:48.832    Disk 0 MBR read successfully
19:20:48.833    Disk 0 MBR scan
19:20:48.836    Disk 0 Windows 7 default MBR code
19:20:48.867    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476937 MB offset 63
19:20:48.991    Disk 0 scanning sectors +976768065
19:20:49.343    Disk 0 scanning C:\Windows\system32\drivers
19:21:56.476    Service scanning
19:22:17.965    Modules scanning
19:23:30.427    Disk 0 trace - called modules:
19:23:30.468    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
19:23:30.470    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x879731f8]
19:23:30.474    3 CLASSPNP.SYS[8b78559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e19028]
19:23:30.477    Scan finished successfully
19:24:01.666    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
19:24:01.670    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

Alt 21.09.2012, 21:29   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 23.09.2012, 17:27   #29
tobias8311
 

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/23/2012 at 06:11 PM

Application Version : 5.5.1016

Core Rules Database Version : 9275
Trace Rules Database Version: 7087

Scan type       : Complete Scan
Total Scan Time : 01:49:23

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 742
Memory threats detected   : 0
Registry items scanned    : 38898
Registry threats detected : 1
File items scanned        : 207754
File threats detected     : 244

Adware.IEPlugin
	HKCR\Remove

Adware.Tracking Cookie
	C:\Users***\AppData\Roaming\Microsoft\Windows\Cookies\QKYVCDKR.txt [ /2o7.net ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\6O6V65MX.txt [ Cookie:***@traffictrack.de/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\N5QNP0LZ.txt [ Cookie:***@quartermedia.de/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Q9W62YJ0.txt [ Cookie:***@tradedoubler.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\GFL2BDQV.txt [ Cookie:***@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\O7P2XZYV.txt [ Cookie:***@de.sitestat.com/sport1/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\ZEYDABMS.txt [ Cookie:***@ad.zanox.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\8UX07KGP.txt [ Cookie:***@zanox.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\P27930QS.txt [ Cookie:***@tracking.quisma.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\4DG9XDS9.txt [ Cookie:***@invitemedia.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\ZALC7H0W.txt [ Cookie:***@zanox-affiliate.de/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\E7TVFQAP.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\XRWHGVKU.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Low\0SXXME30.txt [ Cookie:***@zieltrack.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Low\FOAQCE1T.txt [ Cookie:***@doubleclick.net/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LQ3RSQSM.txt [ Cookie:***@ad.zanox.com/ ]
	C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVB7VQKJ.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS***\Cookies\6O6V65MX.txt [ Cookie:***@traffictrack.de/ ]
	C:\USERS***\Cookies\N5QNP0LZ.txt [ Cookie:***@quartermedia.de/ ]
	C:\USERS***\Cookies\Q9W62YJ0.txt [ Cookie:***@tradedoubler.com/ ]
	C:\USERS***\Cookies\GFL2BDQV.txt [ Cookie:***@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS***\Cookies\O7P2XZYV.txt [ Cookie:***@de.sitestat.com/sport1/ ]
	C:\USERS***\Cookies\ZEYDABMS.txt [ Cookie:***@ad.zanox.com/ ]
	C:\USERS***\Cookies\8UX07KGP.txt [ Cookie:***@zanox.com/ ]
	C:\USERS***\Cookies\P27930QS.txt [ Cookie:***@tracking.quisma.com/ ]
	C:\USERS***\Cookies\4DG9XDS9.txt [ Cookie:***@invitemedia.com/ ]
	C:\USERS***\Cookies\ZALC7H0W.txt [ Cookie:***@zanox-affiliate.de/ ]
	C:\USERS***\Cookies\E7TVFQAP.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS***\Cookies\XRWHGVKU.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
	.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RAZZFAI9.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.tradetracker.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTSFKT01.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.ad2.adfarm1.adition.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TAOGVTI.DEFAULT\COOKIES.SQLITE ]
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.23.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ***PC-TOWER [Administrator]

Schutz: Deaktiviert

23.09.2012 12:28:50
mbam-log-2012-09-23 (12-28-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467249
Laufzeit: 2 Stunde(n), 6 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

23.09.2012, 19:00   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Infected with Trojan.Ransom



Looks OK; only cookies and one leftover were found, all of it can go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Apart from that there are good cookie managers; as a Firefox extension there is, for example, CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser to delete everything, including cookies, when it is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies of the sites I actually want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
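
The hosts-file approach recommended in the post above, as an added example (not part of the original post and not MVPS's own tooling): it turns scanner cookie lines of the form `domain [ cookie store ]` into hosts entries and reports which domain cookies a hosts file can only cover by exact name. The sample lines, the `0.0.0.0` sink address and all function names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the scanner's "domain [ cookie store ]" layout.
SAMPLE_LOG = r"""
    .adfarm1.adition.com [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
    ad1.adfarm1.adition.com [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
    .adfarm1.adition.com [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
    www.etracker.de [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
    not a cookie line
    bad_host!.example [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
"""

ENTRY_RE = re.compile(r"^\s*(\.?)(\S+)\s+\[\s*(.+?)\s*\]\s*$")
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name):
    """Accept only plain DNS names, so nothing odd reaches the hosts file."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(
        LABEL_RE.match(label) for label in labels)


def parse_cookie_entries(log_text):
    """Return (hostname, is_domain_cookie) for each well-formed log line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        dot, name = match.group(1), match.group(2).lower()
        if valid_hostname(name):
            entries.append((name, dot == "."))
    return entries


def build_hosts_block(log_text, sink="0.0.0.0"):
    """Turn scanner findings into hosts-file lines plus a coverage report."""
    entries = parse_cookie_entries(log_text)
    counts = Counter(name for name, _ in entries)
    lines = [f"{sink} {name}" for name in sorted(counts)]
    # A hosts file matches exact names only. A domain cookie (leading dot)
    # is also sent to every subdomain, and those stay reachable unless each
    # one is listed by name.
    domain_cookies = sorted({name for name, is_domain in entries if is_domain})
    listed_subdomains = {
        parent: sorted(n for n in counts if n.endswith("." + parent))
        for parent in domain_cookies
    }
    return {"lines": lines, "counts": counts,
            "domain_cookies": domain_cookies,
            "listed_subdomains": listed_subdomains}


if __name__ == "__main__":
    report = build_hosts_block(SAMPLE_LOG)
    print("\n".join(report["lines"]))
    for parent in report["domain_cookies"]:
        subs = report["listed_subdomains"][parent] or ["none"]
        print(f"# .{parent}: subdomains listed by name: {', '.join(subs)}")
```

Because hosts files have no wildcards, a maintained list remains the practical source; output like this is best used to check whether the trackers a scan found are already covered by it.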
