Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.JS.Iframe.BY auf PC gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.10.2012, 21:03   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Code:
ATTFilter
PRC - [2012.10.10 19:26:55 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.10.05 14:30:36 | 000,876,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
         
Sry sowas geht echt garnicht, zwei solcher Virenscanner sollte man nie gleichzeitig/parallel betreiben
A-Squared wäre nicht meine 1. Wahl als Virenscanner und von Comodo IS muss man schon aus Prinzip abraten weil SecuritySuites idR blanker kontraproduktiver Unsinn sind

Ich würde empfehlen du deinstallierst beide und wenn wir durch sind kann wieder ein Virenscanner rauf, sowas wie Avast oder MSE - meinetwegen kannst du es aber auch bei A-Squared belassen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.10.2012, 11:48   #17
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Hallo!

Sorry, dass ich mich jetzt erst jetzt melde, war gestern Abend doch ziemlich fertig.

Ich dachte es ist okay, wenn ich nur ein Programm mit Aktivschutz laufen lasse und Emisoft nur hin und wieder mal aktivere um zu scannen. Beide Programme sind jetzt unten. Windows ist jetzt halt unglücklich, weil ich im Moment gar keinen Aktivvirenscanner habe.

Als ich auf meinem Administratoraccount einloggte, um die beiden Programme zu deinstallieren, ist mir dort ein Programm auf dem Desktop namens "Recent Places" aufgefallen! Ich bin mir sehr sicher, dass das beim letzten Mal noch nicht dort war, obwohl es angeblich schon im März installiert wurde.

Was könnte das sein? Ist das gefährlich?
__________________


Alt 21.10.2012, 12:14   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Recent Places sagt mir nichts

Mach bitte wie o.g. ein neues OTL-Log
__________________
__________________

Alt 21.10.2012, 12:28   #19
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Okay

Hier ist das neue Log!

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.10.2012 13:18:38 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kerstin normal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,98 Gb Available Physical Memory | 87,35% Memory free
15,97 Gb Paging File | 14,90 Gb Available in Paging File | 93,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 12,45 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 765,46 Gb Free Space | 82,17% Space Free | Partition Type: NTFS
Drive E: | 4,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ANGELSCAGE | User Name: Kerstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.21 13:16:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kerstin normal\Desktop\OTL.exe
PRC - [2012.10.11 18:15:26 | 001,853,584 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.11 18:15:26 | 001,853,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012.10.09 20:37:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.03.01 03:00:15 | 000,398,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.12.13 19:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.12.12 22:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.12.12 22:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.11.24 09:30:43 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.24 09:30:43 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.14 10:38:20 | 000,364,520 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.04.14 10:38:20 | 000,121,832 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.03.07 11:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 11:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.13 16:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2010.04.13 16:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2010.04.13 16:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2006.11.01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.04.19 11:13:50 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\Afterburner\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1001\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 21 62 D8 76 04 CD 01  [binary data]
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\..\SearchScopes\{3F5C58FB-8CC0-4D7A-B274-CFD5BC4D8FBE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=ee03736b-e452-4293-8a0b-9c303deca396&apn_sauid=AA2118E6-414A-4A89-BC1F-B2951F411BC9
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3808264291-3804557767-2819016222-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/#hl=de&output=search&sclient=psy-ab&q=trojaner+board&oq=troj&gs_l=hp.1.0.35i39l2j0l2.1674.2217.0.4083.4.4.0.0.0.0.217.491.3j0j1.4.0...0.0...1c.1.NjLosBuOkus&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&fp=1f8edf929568f4b3&bpcl=35277026&biw=1920&bih=956|https://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 13:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.17 22:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions
[2012.10.14 01:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\w3cwazlb.default\extensions
[2012.07.24 22:27:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\firefox\profiles\w3cwazlb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.18 16:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.13 13:26:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012.06.18 13:55:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 10:43:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 13:55:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 13:55:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 13:55:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 13:55:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3808264291-3804557767-2819016222-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002..\Run: [ICQ] D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3808264291-3804557767-2819016222-1002..\Run: [Skype] D:\Programme\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3808264291-3804557767-2819016222-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC636A3E-06B9-46C7-9DEF-F294984D0CB7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.31 03:20:10 | 000,055,176 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012.05.22 23:23:10 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{69bf699e-7067-11e1-985c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{69bf699e-7067-11e1-985c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.07.31 03:20:10 | 000,055,176 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 08:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.16 08:04:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Kerstin\Desktop\esetsmartinstaller_enu.exe
[2012.10.16 07:59:25 | 000,000,000 | ---D | C] -- C:\Users\Kerstin\AppData\Local\Logitech® Webcam-Software
[2012.10.16 07:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.10.16 07:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2012.10.16 07:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012.10.14 19:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.14 19:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.13 21:04:40 | 000,000,000 | ---D | C] -- C:\Users\Kerstin\AppData\Local\Mozilla
[2012.09.30 00:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.09.22 16:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 12:54:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 12:54:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 12:51:37 | 001,529,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.21 12:51:37 | 000,665,062 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.21 12:51:37 | 000,625,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.21 12:51:37 | 000,134,972 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.21 12:51:37 | 000,110,624 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.21 12:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 12:47:21 | 2136,592,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 01:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.20 12:56:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.20 12:40:01 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.10.19 21:06:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.10.18 18:15:41 | 000,001,112 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.10.16 08:04:08 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Kerstin\Desktop\esetsmartinstaller_enu.exe
[2012.10.16 07:53:25 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.10.14 20:19:13 | 000,002,485 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.14 19:33:44 | 000,005,898 | ---- | M] () -- C:\Users\Kerstin\Desktop\Logfile.7z
[2012.10.14 18:00:09 | 000,000,000 | ---- | M] () -- C:\Users\Kerstin\defogger_reenable
[2012.10.14 02:07:05 | 000,050,477 | ---- | M] () -- C:\Users\Kerstin\Desktop\Defogger.exe
[2012.10.10 08:32:20 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012.10.03 00:21:00 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.02 21:51:15 | 003,536,817 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.22 16:34:37 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.16 07:53:53 | 000,001,112 | ---- | C] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.10.16 07:53:25 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.10.14 19:33:44 | 000,005,898 | ---- | C] () -- C:\Users\Kerstin\Desktop\Logfile.7z
[2012.10.14 18:00:09 | 000,000,000 | ---- | C] () -- C:\Users\Kerstin\defogger_reenable
[2012.10.14 02:07:05 | 000,050,477 | ---- | C] () -- C:\Users\Kerstin\Desktop\Defogger.exe
[2012.07.23 22:25:28 | 000,007,605 | ---- | C] () -- C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg
[2012.04.21 20:48:19 | 000,000,095 | ---- | C] () -- C:\Users\Kerstin\AppData\Local\fusioncache.dat
[2012.03.18 17:17:21 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.18 17:17:21 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.18 16:33:22 | 001,554,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.15 12:11:06 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Ad-Aware Antivirus
[2012.10.20 12:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\ICQ
[2012.07.27 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Leadertech
[2012.09.14 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Origin
[2012.03.18 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\RIFT
[2012.10.18 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\SoftGrid Client
[2012.03.18 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\TP
[2012.10.20 03:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kerstin normal\AppData\Roaming\ICQ
[2012.10.19 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Kerstin normal\AppData\Roaming\SoftGrid Client
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.15 12:11:06 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Ad-Aware Antivirus
[2012.03.27 22:17:29 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Adobe
[2012.10.20 12:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\ICQ
[2012.03.17 21:36:27 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Identities
[2012.07.27 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Leadertech
[2012.03.18 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Macromedia
[2012.07.05 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Media Center Programs
[2012.09.14 19:52:36 | 000,000,000 | --SD | M] -- C:\Users\Kerstin\AppData\Roaming\Microsoft
[2012.04.22 23:58:56 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Mozilla
[2012.06.29 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\NVIDIA
[2012.09.14 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Origin
[2012.03.18 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\RIFT
[2012.10.20 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Skype
[2012.10.18 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\SoftGrid Client
[2012.03.18 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\TP
 
< %APPDATA%\*.exe /s >
[2012.10.16 07:53:53 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.09.14 19:52:36 | 000,010,134 | R--- | M] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.11.24 09:30:43 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.11.24 09:30:43 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.11.24 09:30:43 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.11.24 09:30:43 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.11.24 09:30:43 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.11.24 09:30:43 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.11.24 09:30:43 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.11.24 09:30:43 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

Alt 21.10.2012, 12:48   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Ist recht unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 13:11   #21
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Huhu!

Okay, hier ist das TDSS-Log

Code:
ATTFilter
14:06:45.0165 3196  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:06:45.0337 3196  ============================================================
14:06:45.0337 3196  Current date / time: 2012/10/21 14:06:45.0337
14:06:45.0337 3196  SystemInfo:
14:06:45.0337 3196  
14:06:45.0337 3196  OS Version: 6.1.7601 ServicePack: 1.0
14:06:45.0337 3196  Product type: Workstation
14:06:45.0337 3196  ComputerName: ANGELSCAGE
14:06:45.0337 3196  UserName: Kerstin
14:06:45.0337 3196  Windows directory: C:\Windows
14:06:45.0337 3196  System windows directory: C:\Windows
14:06:45.0337 3196  Running under WOW64
14:06:45.0337 3196  Processor architecture: Intel x64
14:06:45.0337 3196  Number of processors: 6
14:06:45.0337 3196  Page size: 0x1000
14:06:45.0337 3196  Boot type: Normal boot
14:06:45.0337 3196  ============================================================
14:06:45.0555 3196  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:45.0571 3196  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:45.0587 3196  ============================================================
14:06:45.0587 3196  \Device\Harddisk0\DR0:
14:06:45.0587 3196  MBR partitions:
14:06:45.0587 3196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:06:45.0587 3196  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
14:06:45.0587 3196  \Device\Harddisk1\DR1:
14:06:45.0587 3196  MBR partitions:
14:06:45.0587 3196  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:06:45.0587 3196  ============================================================
14:06:45.0587 3196  C: <-> \Device\Harddisk0\DR0\Partition2
14:06:45.0602 3196  D: <-> \Device\Harddisk1\DR1\Partition1
14:06:45.0602 3196  ============================================================
14:06:45.0602 3196  Initialize success
14:06:45.0602 3196  ============================================================
14:07:23.0635 4556  ============================================================
14:07:23.0635 4556  Scan started
14:07:23.0635 4556  Mode: Manual; SigCheck; TDLFS; 
14:07:23.0635 4556  ============================================================
14:07:23.0744 4556  ================ Scan system memory ========================
14:07:23.0744 4556  System memory - ok
14:07:23.0744 4556  ================ Scan services =============================
14:07:23.0791 4556  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:07:23.0822 4556  1394ohci - ok
14:07:23.0822 4556  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:07:23.0838 4556  ACPI - ok
14:07:23.0838 4556  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:07:23.0853 4556  AcpiPmi - ok
14:07:23.0869 4556  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:07:23.0869 4556  AdobeARMservice - ok
14:07:23.0885 4556  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:07:23.0900 4556  AdobeFlashPlayerUpdateSvc - ok
14:07:23.0900 4556  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:07:23.0916 4556  adp94xx - ok
14:07:23.0931 4556  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:07:23.0931 4556  adpahci - ok
14:07:23.0947 4556  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:07:23.0947 4556  adpu320 - ok
14:07:23.0963 4556  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:07:23.0978 4556  AeLookupSvc - ok
14:07:23.0978 4556  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:07:23.0994 4556  AFD - ok
14:07:24.0009 4556  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:07:24.0009 4556  agp440 - ok
14:07:24.0009 4556  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:07:24.0025 4556  ALG - ok
14:07:24.0025 4556  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:07:24.0025 4556  aliide - ok
14:07:24.0041 4556  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:07:24.0041 4556  amdide - ok
14:07:24.0041 4556  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:07:24.0056 4556  AmdK8 - ok
14:07:24.0056 4556  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:07:24.0056 4556  AmdPPM - ok
14:07:24.0072 4556  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:07:24.0072 4556  amdsata - ok
14:07:24.0072 4556  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:07:24.0087 4556  amdsbs - ok
14:07:24.0087 4556  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:07:24.0103 4556  amdxata - ok
14:07:24.0103 4556  [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
14:07:24.0103 4556  amd_sata - ok
14:07:24.0119 4556  [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
14:07:24.0119 4556  amd_xata - ok
14:07:24.0119 4556  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:07:24.0197 4556  AppID - ok
14:07:24.0197 4556  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:07:24.0228 4556  AppIDSvc - ok
14:07:24.0228 4556  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:07:24.0259 4556  Appinfo - ok
14:07:24.0259 4556  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
14:07:24.0259 4556  arc - ok
14:07:24.0275 4556  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:07:24.0275 4556  arcsas - ok
14:07:24.0275 4556  [ E3B9C89D2ED4A538AB2FC6EC76FA2B17 ] asmthub3        C:\Windows\system32\drivers\asmthub3.sys
14:07:24.0290 4556  asmthub3 - ok
14:07:24.0290 4556  [ 88CE83BE5176020BE39194A6369AF2C2 ] asmtxhci        C:\Windows\system32\drivers\asmtxhci.sys
14:07:24.0306 4556  asmtxhci - ok
14:07:24.0321 4556  aspnet_state - ok
14:07:24.0321 4556  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:07:24.0337 4556  AsyncMac - ok
14:07:24.0337 4556  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:07:24.0353 4556  atapi - ok
14:07:24.0353 4556  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:07:24.0384 4556  AudioEndpointBuilder - ok
14:07:24.0399 4556  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:07:24.0415 4556  AudioSrv - ok
14:07:24.0431 4556  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:07:24.0431 4556  AxInstSV - ok
14:07:24.0446 4556  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:07:24.0462 4556  b06bdrv - ok
14:07:24.0462 4556  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:07:24.0477 4556  b57nd60a - ok
14:07:24.0477 4556  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:07:24.0493 4556  BDESVC - ok
14:07:24.0493 4556  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:07:24.0509 4556  Beep - ok
14:07:24.0524 4556  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:07:24.0555 4556  BFE - ok
14:07:24.0555 4556  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:07:24.0587 4556  BITS - ok
14:07:24.0602 4556  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:07:24.0602 4556  blbdrive - ok
14:07:24.0602 4556  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:07:24.0618 4556  bowser - ok
14:07:24.0618 4556  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:07:24.0633 4556  BrFiltLo - ok
14:07:24.0633 4556  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:07:24.0633 4556  BrFiltUp - ok
14:07:24.0649 4556  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:07:24.0649 4556  Browser - ok
14:07:24.0649 4556  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:07:24.0665 4556  Brserid - ok
14:07:24.0665 4556  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:07:24.0680 4556  BrSerWdm - ok
14:07:24.0680 4556  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:07:24.0696 4556  BrUsbMdm - ok
14:07:24.0696 4556  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:07:24.0696 4556  BrUsbSer - ok
14:07:24.0711 4556  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:07:24.0711 4556  BTHMODEM - ok
14:07:24.0727 4556  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:07:24.0743 4556  bthserv - ok
14:07:24.0743 4556  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:07:24.0774 4556  cdfs - ok
14:07:24.0774 4556  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:07:24.0789 4556  cdrom - ok
14:07:24.0789 4556  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:07:24.0805 4556  CertPropSvc - ok
14:07:24.0821 4556  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
14:07:24.0821 4556  circlass - ok
14:07:24.0836 4556  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:07:24.0836 4556  CLFS - ok
14:07:24.0852 4556  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:07:24.0852 4556  clr_optimization_v2.0.50727_32 - ok
14:07:24.0852 4556  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:07:24.0867 4556  clr_optimization_v2.0.50727_64 - ok
14:07:24.0867 4556  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:07:24.0883 4556  clr_optimization_v4.0.30319_32 - ok
14:07:24.0883 4556  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:07:24.0883 4556  clr_optimization_v4.0.30319_64 - ok
14:07:24.0899 4556  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:07:24.0899 4556  CmBatt - ok
14:07:24.0899 4556  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:07:24.0914 4556  cmdide - ok
14:07:24.0914 4556  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:07:24.0930 4556  CNG - ok
14:07:24.0945 4556  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:07:24.0945 4556  Compbatt - ok
14:07:24.0945 4556  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:07:24.0961 4556  CompositeBus - ok
14:07:24.0961 4556  COMSysApp - ok
14:07:24.0961 4556  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:07:24.0977 4556  crcdisk - ok
14:07:24.0977 4556  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:07:24.0992 4556  CryptSvc - ok
14:07:24.0992 4556  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:07:25.0008 4556  cvhsvc - ok
14:07:25.0023 4556  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:07:25.0055 4556  DcomLaunch - ok
14:07:25.0055 4556  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:07:25.0086 4556  defragsvc - ok
14:07:25.0086 4556  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:07:25.0101 4556  DfsC - ok
14:07:25.0117 4556  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:07:25.0133 4556  Dhcp - ok
14:07:25.0133 4556  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:07:25.0164 4556  discache - ok
14:07:25.0164 4556  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
14:07:25.0179 4556  Disk - ok
14:07:25.0179 4556  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:07:25.0195 4556  Dnscache - ok
14:07:25.0195 4556  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:07:25.0211 4556  dot3svc - ok
14:07:25.0226 4556  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:07:25.0242 4556  DPS - ok
14:07:25.0257 4556  [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater   C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
14:07:25.0289 4556  DragonUpdater - ok
14:07:25.0289 4556  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:07:25.0304 4556  drmkaud - ok
14:07:25.0320 4556  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:07:25.0320 4556  DXGKrnl - ok
14:07:25.0335 4556  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:07:25.0351 4556  EapHost - ok
14:07:25.0398 4556  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:07:25.0445 4556  ebdrv - ok
14:07:25.0445 4556  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:07:25.0460 4556  EFS - ok
14:07:25.0476 4556  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:07:25.0491 4556  ehRecvr - ok
14:07:25.0507 4556  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:07:25.0507 4556  ehSched - ok
14:07:25.0523 4556  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:07:25.0538 4556  elxstor - ok
14:07:25.0538 4556  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:07:25.0538 4556  ErrDev - ok
14:07:25.0554 4556  [ 3663291D0D26001A2BB67678AB61D14C ] EtronHub3       C:\Windows\System32\Drivers\EtronHub3.sys
14:07:25.0554 4556  EtronHub3 - ok
14:07:25.0554 4556  [ 744420D6C062C38F7361870F010D6D4B ] EtronXHCI       C:\Windows\System32\Drivers\EtronXHCI.sys
14:07:25.0569 4556  EtronXHCI - ok
14:07:25.0569 4556  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:07:25.0601 4556  EventSystem - ok
14:07:25.0601 4556  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:07:25.0632 4556  exfat - ok
14:07:25.0632 4556  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:07:25.0663 4556  fastfat - ok
14:07:25.0663 4556  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:07:25.0679 4556  Fax - ok
14:07:25.0679 4556  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
14:07:25.0694 4556  fdc - ok
14:07:25.0694 4556  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:07:25.0710 4556  fdPHost - ok
14:07:25.0725 4556  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:07:25.0741 4556  FDResPub - ok
14:07:25.0741 4556  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:07:25.0757 4556  FileInfo - ok
14:07:25.0757 4556  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:07:25.0772 4556  Filetrace - ok
14:07:25.0772 4556  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:07:25.0788 4556  flpydisk - ok
14:07:25.0788 4556  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:07:25.0803 4556  FltMgr - ok
14:07:25.0819 4556  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
14:07:25.0835 4556  FontCache - ok
14:07:25.0850 4556  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:07:25.0850 4556  FontCache3.0.0.0 - ok
14:07:25.0850 4556  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:07:25.0866 4556  FsDepends - ok
14:07:25.0866 4556  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:07:25.0866 4556  Fs_Rec - ok
14:07:25.0866 4556  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:07:25.0881 4556  fvevol - ok
14:07:25.0881 4556  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:07:25.0897 4556  gagp30kx - ok
14:07:25.0913 4556  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:07:25.0928 4556  gpsvc - ok
14:07:25.0944 4556  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:07:25.0944 4556  hcw85cir - ok
14:07:25.0944 4556  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:07:25.0959 4556  HDAudBus - ok
14:07:25.0959 4556  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:07:25.0975 4556  HidBatt - ok
14:07:25.0975 4556  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:07:25.0991 4556  HidBth - ok
14:07:25.0991 4556  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:07:25.0991 4556  HidIr - ok
14:07:26.0006 4556  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:07:26.0022 4556  hidserv - ok
14:07:26.0022 4556  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:07:26.0037 4556  HidUsb - ok
14:07:26.0037 4556  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:07:26.0053 4556  hkmsvc - ok
14:07:26.0069 4556  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:07:26.0069 4556  HomeGroupListener - ok
14:07:26.0084 4556  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:07:26.0084 4556  HomeGroupProvider - ok
14:07:26.0084 4556  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:07:26.0100 4556  HpSAMD - ok
14:07:26.0115 4556  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:07:26.0131 4556  HTTP - ok
14:07:26.0147 4556  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:07:26.0147 4556  hwpolicy - ok
14:07:26.0147 4556  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:07:26.0162 4556  i8042prt - ok
14:07:26.0162 4556  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
14:07:26.0178 4556  iaStor - ok
14:07:26.0178 4556  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:07:26.0193 4556  iaStorV - ok
14:07:26.0209 4556  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:07:26.0225 4556  idsvc - ok
14:07:26.0225 4556  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:07:26.0225 4556  iirsp - ok
14:07:26.0240 4556  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:07:26.0271 4556  IKEEXT - ok
14:07:26.0318 4556  [ A5F7CEF8A939EBE270462EDEFD629F20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:07:26.0349 4556  IntcAzAudAddService - ok
14:07:26.0349 4556  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:07:26.0349 4556  intelide - ok
14:07:26.0365 4556  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
14:07:26.0365 4556  intelppm - ok
14:07:26.0365 4556  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:07:26.0396 4556  IPBusEnum - ok
14:07:26.0396 4556  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:07:26.0427 4556  IpFilterDriver - ok
14:07:26.0427 4556  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:07:26.0459 4556  iphlpsvc - ok
14:07:26.0459 4556  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:07:26.0474 4556  IPMIDRV - ok
14:07:26.0474 4556  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:07:26.0490 4556  IPNAT - ok
14:07:26.0505 4556  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:07:26.0505 4556  IRENUM - ok
14:07:26.0505 4556  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:07:26.0521 4556  isapnp - ok
14:07:26.0521 4556  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:07:26.0537 4556  iScsiPrt - ok
14:07:26.0537 4556  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:07:26.0552 4556  kbdclass - ok
14:07:26.0552 4556  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:07:26.0552 4556  kbdhid - ok
14:07:26.0552 4556  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:07:26.0568 4556  KeyIso - ok
14:07:26.0568 4556  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:07:26.0583 4556  KSecDD - ok
14:07:26.0583 4556  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:07:26.0583 4556  KSecPkg - ok
14:07:26.0599 4556  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:07:26.0615 4556  ksthunk - ok
14:07:26.0630 4556  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:07:26.0646 4556  KtmRm - ok
14:07:26.0661 4556  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:07:26.0677 4556  LanmanServer - ok
14:07:26.0693 4556  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:07:26.0708 4556  LanmanWorkstation - ok
14:07:26.0708 4556  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:07:26.0739 4556  lltdio - ok
14:07:26.0739 4556  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:07:26.0771 4556  lltdsvc - ok
14:07:26.0771 4556  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:07:26.0802 4556  lmhosts - ok
14:07:26.0802 4556  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:07:26.0817 4556  LSI_FC - ok
14:07:26.0817 4556  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:07:26.0817 4556  LSI_SAS - ok
14:07:26.0833 4556  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:07:26.0833 4556  LSI_SAS2 - ok
14:07:26.0833 4556  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:07:26.0849 4556  LSI_SCSI - ok
14:07:26.0849 4556  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:07:26.0880 4556  luafv - ok
14:07:26.0880 4556  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64        C:\Windows\system32\DRIVERS\LVPr2M64.sys
14:07:26.0880 4556  LVPr2M64 - ok
14:07:26.0880 4556  [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
14:07:26.0895 4556  LVRS64 - ok
14:07:26.0927 4556  [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
14:07:26.0989 4556  LVUVC64 - ok
14:07:26.0989 4556  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:07:27.0005 4556  Mcx2Svc - ok
14:07:27.0005 4556  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:07:27.0020 4556  megasas - ok
14:07:27.0020 4556  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:07:27.0036 4556  MegaSR - ok
14:07:27.0036 4556  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:07:27.0051 4556  MMCSS - ok
14:07:27.0067 4556  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:07:27.0083 4556  Modem - ok
14:07:27.0083 4556  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:07:27.0098 4556  monitor - ok
14:07:27.0098 4556  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:07:27.0114 4556  mouclass - ok
14:07:27.0114 4556  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:07:27.0114 4556  mouhid - ok
14:07:27.0114 4556  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:07:27.0129 4556  mountmgr - ok
14:07:27.0129 4556  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:07:27.0145 4556  mpio - ok
14:07:27.0145 4556  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:07:27.0161 4556  mpsdrv - ok
14:07:27.0176 4556  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:07:27.0207 4556  MpsSvc - ok
14:07:27.0223 4556  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:07:27.0223 4556  MRxDAV - ok
14:07:27.0239 4556  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:07:27.0239 4556  mrxsmb - ok
14:07:27.0254 4556  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:07:27.0254 4556  mrxsmb10 - ok
14:07:27.0270 4556  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:07:27.0270 4556  mrxsmb20 - ok
14:07:27.0270 4556  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:07:27.0285 4556  msahci - ok
14:07:27.0285 4556  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:07:27.0285 4556  msdsm - ok
14:07:27.0301 4556  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:07:27.0301 4556  MSDTC - ok
14:07:27.0317 4556  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:07:27.0332 4556  Msfs - ok
14:07:27.0332 4556  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:07:27.0363 4556  mshidkmdf - ok
14:07:27.0363 4556  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:07:27.0363 4556  msisadrv - ok
14:07:27.0363 4556  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:07:27.0395 4556  MSiSCSI - ok
14:07:27.0395 4556  msiserver - ok
14:07:27.0395 4556  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:07:27.0426 4556  MSKSSRV - ok
14:07:27.0426 4556  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:07:27.0441 4556  MSPCLOCK - ok
14:07:27.0457 4556  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:07:27.0473 4556  MSPQM - ok
14:07:27.0473 4556  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:07:27.0488 4556  MsRPC - ok
14:07:27.0488 4556  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:07:27.0504 4556  mssmbios - ok
14:07:27.0504 4556  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:07:27.0519 4556  MSTEE - ok
14:07:27.0519 4556  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:07:27.0535 4556  MTConfig - ok
14:07:27.0535 4556  [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor        C:\Windows\system32\drivers\ASACPI.sys
14:07:27.0535 4556  MTsensor - ok
14:07:27.0551 4556  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:07:27.0551 4556  Mup - ok
14:07:27.0566 4556  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:07:27.0597 4556  napagent - ok
14:07:27.0597 4556  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:07:27.0613 4556  NativeWifiP - ok
14:07:27.0613 4556  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:07:27.0629 4556  NDIS - ok
14:07:27.0644 4556  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:07:27.0660 4556  NdisCap - ok
14:07:27.0660 4556  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:07:27.0691 4556  NdisTapi - ok
14:07:27.0691 4556  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:07:27.0707 4556  Ndisuio - ok
14:07:27.0707 4556  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:07:27.0738 4556  NdisWan - ok
14:07:27.0738 4556  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:07:27.0769 4556  NDProxy - ok
14:07:27.0769 4556  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:07:27.0785 4556  NetBIOS - ok
14:07:27.0800 4556  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:07:27.0816 4556  NetBT - ok
14:07:27.0816 4556  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:07:27.0831 4556  Netlogon - ok
14:07:27.0831 4556  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:07:27.0863 4556  Netman - ok
14:07:27.0863 4556  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:07:27.0894 4556  netprofm - ok
14:07:27.0894 4556  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:07:27.0909 4556  NetTcpPortSharing - ok
14:07:27.0909 4556  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:07:27.0909 4556  nfrd960 - ok
14:07:27.0925 4556  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:07:27.0941 4556  NlaSvc - ok
14:07:27.0941 4556  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:07:27.0972 4556  Npfs - ok
14:07:27.0972 4556  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:07:27.0987 4556  nsi - ok
14:07:28.0003 4556  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:07:28.0019 4556  nsiproxy - ok
14:07:28.0034 4556  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:07:28.0065 4556  Ntfs - ok
14:07:28.0065 4556  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:07:28.0081 4556  Null - ok
14:07:28.0081 4556  [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
14:07:28.0097 4556  nusb3hub - ok
14:07:28.0097 4556  [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
14:07:28.0112 4556  nusb3xhc - ok
14:07:28.0112 4556  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:07:28.0112 4556  NVHDA - ok
14:07:28.0206 4556  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:07:28.0331 4556  nvlddmkm - ok
14:07:28.0346 4556  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:07:28.0346 4556  nvraid - ok
14:07:28.0362 4556  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:07:28.0362 4556  nvstor - ok
14:07:28.0362 4556  [ 8AC306A237D714C4D0451E422D91B4AF ] NvStUSB         C:\Windows\system32\drivers\nvstusb.sys
14:07:28.0377 4556  NvStUSB - ok
14:07:28.0393 4556  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:07:28.0409 4556  nvsvc - ok
14:07:28.0409 4556  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:07:28.0440 4556  nvUpdatusService - ok
14:07:28.0440 4556  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:07:28.0440 4556  nv_agp - ok
14:07:28.0455 4556  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:07:28.0455 4556  ohci1394 - ok
14:07:28.0471 4556  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:07:28.0471 4556  ose - ok
14:07:28.0533 4556  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:07:28.0627 4556  osppsvc - ok
14:07:28.0643 4556  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:07:28.0658 4556  p2pimsvc - ok
14:07:28.0658 4556  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:07:28.0674 4556  p2psvc - ok
14:07:28.0674 4556  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:07:28.0689 4556  Parport - ok
14:07:28.0689 4556  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:07:28.0689 4556  partmgr - ok
14:07:28.0705 4556  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:07:28.0705 4556  PcaSvc - ok
14:07:28.0721 4556  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:07:28.0721 4556  pci - ok
14:07:28.0721 4556  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:07:28.0736 4556  pciide - ok
14:07:28.0736 4556  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:07:28.0752 4556  pcmcia - ok
14:07:28.0752 4556  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:07:28.0752 4556  pcw - ok
14:07:28.0767 4556  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:07:28.0799 4556  PEAUTH - ok
14:07:28.0814 4556  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:07:28.0830 4556  PerfHost - ok
14:07:28.0845 4556  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:07:28.0877 4556  pla - ok
14:07:28.0892 4556  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:07:28.0892 4556  PlugPlay - ok
14:07:28.0908 4556  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:07:28.0908 4556  PNRPAutoReg - ok
14:07:28.0908 4556  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:07:28.0923 4556  PNRPsvc - ok
14:07:28.0923 4556  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:07:28.0955 4556  PolicyAgent - ok
14:07:28.0970 4556  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:07:28.0986 4556  Power - ok
14:07:28.0986 4556  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:07:29.0017 4556  PptpMiniport - ok
14:07:29.0017 4556  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:07:29.0033 4556  Processor - ok
14:07:29.0033 4556  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:07:29.0048 4556  ProfSvc - ok
14:07:29.0048 4556  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:07:29.0048 4556  ProtectedStorage - ok
14:07:29.0064 4556  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:07:29.0079 4556  Psched - ok
14:07:29.0095 4556  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:07:29.0126 4556  ql2300 - ok
14:07:29.0142 4556  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:07:29.0142 4556  ql40xx - ok
14:07:29.0157 4556  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:07:29.0157 4556  QWAVE - ok
14:07:29.0173 4556  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:07:29.0173 4556  QWAVEdrv - ok
14:07:29.0173 4556  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:07:29.0204 4556  RasAcd - ok
14:07:29.0204 4556  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:07:29.0235 4556  RasAgileVpn - ok
14:07:29.0235 4556  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:07:29.0251 4556  RasAuto - ok
14:07:29.0267 4556  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:07:29.0282 4556  Rasl2tp - ok
14:07:29.0282 4556  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:07:29.0313 4556  RasMan - ok
14:07:29.0313 4556  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:07:29.0345 4556  RasPppoe - ok
14:07:29.0345 4556  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:07:29.0360 4556  RasSstp - ok
14:07:29.0376 4556  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:07:29.0391 4556  rdbss - ok
14:07:29.0391 4556  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:07:29.0407 4556  rdpbus - ok
14:07:29.0407 4556  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:07:29.0438 4556  RDPCDD - ok
14:07:29.0438 4556  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:07:29.0454 4556  RDPENCDD - ok
14:07:29.0454 4556  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:07:29.0485 4556  RDPREFMP - ok
14:07:29.0485 4556  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:07:29.0501 4556  RDPWD - ok
14:07:29.0501 4556  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:07:29.0516 4556  rdyboost - ok
14:07:29.0516 4556  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:07:29.0532 4556  RemoteAccess - ok
14:07:29.0547 4556  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:07:29.0563 4556  RemoteRegistry - ok
14:07:29.0563 4556  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:07:29.0594 4556  RpcEptMapper - ok
14:07:29.0594 4556  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:07:29.0594 4556  RpcLocator - ok
14:07:29.0610 4556  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:07:29.0641 4556  RpcSs - ok
14:07:29.0641 4556  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:07:29.0657 4556  rspndr - ok
14:07:29.0719 4556  [ 4B60EF388071E0BAF299496E3D6590AE ] RTCore64        D:\Programme\Afterburner\MSI Afterburner\RTCore64.sys
14:07:29.0750 4556  RTCore64 - ok
14:07:29.0766 4556  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:07:29.0781 4556  RTL8167 - ok
14:07:29.0781 4556  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:07:29.0797 4556  SamSs - ok
14:07:29.0797 4556  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:07:29.0797 4556  sbp2port - ok
14:07:29.0813 4556  SBRE - ok
14:07:29.0813 4556  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:07:29.0844 4556  SCardSvr - ok
14:07:29.0844 4556  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:07:29.0859 4556  scfilter - ok
14:07:29.0875 4556  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:07:29.0906 4556  Schedule - ok
14:07:29.0906 4556  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:07:29.0937 4556  SCPolicySvc - ok
14:07:29.0937 4556  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:07:29.0953 4556  SDRSVC - ok
14:07:29.0953 4556  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:07:29.0969 4556  secdrv - ok
14:07:29.0969 4556  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:07:30.0000 4556  seclogon - ok
14:07:30.0000 4556  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:07:30.0031 4556  SENS - ok
14:07:30.0031 4556  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:07:30.0031 4556  SensrSvc - ok
14:07:30.0031 4556  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:07:30.0047 4556  Serenum - ok
14:07:30.0047 4556  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:07:30.0062 4556  Serial - ok
14:07:30.0062 4556  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:07:30.0062 4556  sermouse - ok
14:07:30.0078 4556  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:07:30.0093 4556  SessionEnv - ok
14:07:30.0093 4556  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:07:30.0109 4556  sffdisk - ok
14:07:30.0109 4556  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:07:30.0125 4556  sffp_mmc - ok
14:07:30.0125 4556  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:07:30.0125 4556  sffp_sd - ok
14:07:30.0140 4556  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:07:30.0140 4556  sfloppy - ok
14:07:30.0156 4556  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
14:07:30.0156 4556  Sftfs - ok
14:07:30.0171 4556  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:07:30.0187 4556  sftlist - ok
14:07:30.0187 4556  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:07:30.0203 4556  Sftplay - ok
14:07:30.0203 4556  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:07:30.0203 4556  Sftredir - ok
14:07:30.0203 4556  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
14:07:30.0218 4556  Sftvol - ok
14:07:30.0218 4556  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:07:30.0234 4556  sftvsa - ok
14:07:30.0234 4556  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:07:30.0265 4556  SharedAccess - ok
14:07:30.0265 4556  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:07:30.0296 4556  ShellHWDetection - ok
14:07:30.0296 4556  [ DA492C8305434EC6F9BDD60C8B83B10E ] Si3124r5        C:\Windows\system32\drivers\Si3124r5.sys
14:07:30.0312 4556  Si3124r5 - ok
14:07:30.0312 4556  [ 8D10887A1699CF61E74467694B929B09 ] SiFilter        C:\Windows\system32\drivers\SiWinAcc.sys
14:07:30.0312 4556  SiFilter - ok
14:07:30.0327 4556  [ 94E1EDA9A0B305A67EE1BBD0A68CE21A ] SiRemFil        C:\Windows\system32\drivers\SiRemFil.sys
14:07:30.0327 4556  SiRemFil - ok
14:07:30.0327 4556  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:07:30.0343 4556  SiSRaid2 - ok
14:07:30.0343 4556  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:07:30.0343 4556  SiSRaid4 - ok
14:07:30.0374 4556  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     D:\Programme\Updater\Updater.exe
14:07:30.0374 4556  SkypeUpdate - ok
14:07:30.0390 4556  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:07:30.0405 4556  Smb - ok
14:07:30.0405 4556  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:07:30.0421 4556  SNMPTRAP - ok
14:07:30.0421 4556  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:07:30.0437 4556  spldr - ok
14:07:30.0437 4556  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:07:30.0452 4556  Spooler - ok
14:07:30.0499 4556  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:07:30.0561 4556  sppsvc - ok
14:07:30.0561 4556  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:07:30.0593 4556  sppuinotify - ok
14:07:30.0593 4556  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:07:30.0608 4556  srv - ok
14:07:30.0624 4556  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:07:30.0639 4556  srv2 - ok
14:07:30.0639 4556  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:07:30.0639 4556  srvnet - ok
14:07:30.0655 4556  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:07:30.0671 4556  SSDPSRV - ok
14:07:30.0686 4556  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:07:30.0702 4556  SstpSvc - ok
14:07:30.0702 4556  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:07:30.0717 4556  Stereo Service - ok
14:07:30.0717 4556  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:07:30.0733 4556  stexstor - ok
14:07:30.0733 4556  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:07:30.0749 4556  stisvc - ok
14:07:30.0764 4556  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:07:30.0764 4556  swenum - ok
14:07:30.0764 4556  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:07:30.0795 4556  swprv - ok
14:07:30.0827 4556  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:07:30.0858 4556  SysMain - ok
14:07:30.0858 4556  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:07:30.0873 4556  TabletInputService - ok
14:07:30.0873 4556  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:07:30.0905 4556  TapiSrv - ok
14:07:30.0905 4556  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:07:30.0936 4556  TBS - ok
14:07:30.0951 4556  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:07:30.0967 4556  Tcpip - ok
14:07:30.0983 4556  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:07:31.0014 4556  TCPIP6 - ok
14:07:31.0014 4556  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:07:31.0029 4556  tcpipreg - ok
14:07:31.0045 4556  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:07:31.0045 4556  TDPIPE - ok
14:07:31.0045 4556  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:07:31.0061 4556  TDTCP - ok
14:07:31.0061 4556  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:07:31.0076 4556  tdx - ok
14:07:31.0092 4556  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:07:31.0092 4556  TermDD - ok
14:07:31.0107 4556  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:07:31.0123 4556  TermService - ok
14:07:31.0139 4556  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:07:31.0139 4556  Themes - ok
14:07:31.0154 4556  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:07:31.0170 4556  THREADORDER - ok
14:07:31.0170 4556  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:07:31.0201 4556  TrkWks - ok
14:07:31.0201 4556  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:07:31.0232 4556  TrustedInstaller - ok
14:07:31.0232 4556  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:07:31.0248 4556  tssecsrv - ok
14:07:31.0248 4556  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:07:31.0263 4556  TsUsbFlt - ok
14:07:31.0263 4556  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:07:31.0263 4556  TsUsbGD - ok
14:07:31.0279 4556  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:07:31.0295 4556  tunnel - ok
14:07:31.0295 4556  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:07:31.0310 4556  uagp35 - ok
14:07:31.0310 4556  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:07:31.0341 4556  udfs - ok
14:07:31.0341 4556  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:07:31.0357 4556  UI0Detect - ok
14:07:31.0357 4556  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:07:31.0357 4556  uliagpkx - ok
14:07:31.0373 4556  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:07:31.0373 4556  umbus - ok
14:07:31.0373 4556  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:07:31.0388 4556  UmPass - ok
14:07:31.0388 4556  [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
14:07:31.0404 4556  UMVPFSrv - ok
14:07:31.0404 4556  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:07:31.0435 4556  upnphost - ok
14:07:31.0435 4556  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:07:31.0451 4556  usbaudio - ok
14:07:31.0451 4556  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:07:31.0451 4556  usbccgp - ok
14:07:31.0466 4556  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:07:31.0466 4556  usbcir - ok
14:07:31.0482 4556  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:07:31.0482 4556  usbehci - ok
14:07:31.0482 4556  [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
14:07:31.0497 4556  usbfilter - ok
14:07:31.0497 4556  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
14:07:31.0513 4556  usbhub - ok
14:07:31.0513 4556  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:07:31.0513 4556  usbohci - ok
14:07:31.0529 4556  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:07:31.0529 4556  usbprint - ok
14:07:31.0529 4556  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:07:31.0544 4556  USBSTOR - ok
14:07:31.0544 4556  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:07:31.0544 4556  usbuhci - ok
14:07:31.0560 4556  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:07:31.0575 4556  UxSms - ok
14:07:31.0575 4556  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:07:31.0591 4556  VaultSvc - ok
14:07:31.0591 4556  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:07:31.0591 4556  vdrvroot - ok
14:07:31.0607 4556  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:07:31.0622 4556  vds - ok
14:07:31.0638 4556  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:07:31.0638 4556  vga - ok
14:07:31.0638 4556  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:07:31.0669 4556  VgaSave - ok
14:07:31.0669 4556  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:07:31.0685 4556  vhdmp - ok
14:07:31.0685 4556  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:07:31.0685 4556  viaide - ok
14:07:31.0685 4556  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:07:31.0700 4556  volmgr - ok
14:07:31.0700 4556  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:07:31.0716 4556  volmgrx - ok
14:07:31.0716 4556  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:07:31.0731 4556  volsnap - ok
14:07:31.0731 4556  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:07:31.0747 4556  vsmraid - ok
14:07:31.0763 4556  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:07:31.0809 4556  VSS - ok
14:07:31.0809 4556  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:07:31.0825 4556  vwifibus - ok
14:07:31.0825 4556  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:07:31.0856 4556  W32Time - ok
14:07:31.0856 4556  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:07:31.0872 4556  WacomPen - ok
14:07:31.0872 4556  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:07:31.0903 4556  WANARP - ok
14:07:31.0903 4556  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:07:31.0919 4556  Wanarpv6 - ok
14:07:31.0934 4556  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:07:31.0950 4556  wbengine - ok
14:07:31.0965 4556  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:07:31.0965 4556  WbioSrvc - ok
14:07:31.0981 4556  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:07:31.0997 4556  wcncsvc - ok
14:07:31.0997 4556  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:07:32.0012 4556  WcsPlugInService - ok
14:07:32.0012 4556  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:07:32.0012 4556  Wd - ok
14:07:32.0028 4556  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:07:32.0043 4556  Wdf01000 - ok
14:07:32.0043 4556  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:07:32.0059 4556  WdiServiceHost - ok
14:07:32.0059 4556  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:07:32.0075 4556  WdiSystemHost - ok
14:07:32.0075 4556  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:07:32.0090 4556  WebClient - ok
14:07:32.0090 4556  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:07:32.0121 4556  Wecsvc - ok
14:07:32.0121 4556  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:07:32.0153 4556  wercplsupport - ok
14:07:32.0153 4556  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:07:32.0168 4556  WerSvc - ok
14:07:32.0184 4556  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:07:32.0199 4556  WfpLwf - ok
14:07:32.0199 4556  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:07:32.0215 4556  WIMMount - ok
14:07:32.0215 4556  WinDefend - ok
14:07:32.0215 4556  WinHttpAutoProxySvc - ok
14:07:32.0231 4556  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:07:32.0246 4556  Winmgmt - ok
14:07:32.0262 4556  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:07:32.0309 4556  WinRM - ok
14:07:32.0309 4556  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:07:32.0324 4556  WinUsb - ok
14:07:32.0340 4556  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:07:32.0355 4556  Wlansvc - ok
14:07:32.0355 4556  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:07:32.0371 4556  WmiAcpi - ok
14:07:32.0371 4556  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:07:32.0387 4556  wmiApSrv - ok
14:07:32.0387 4556  WMPNetworkSvc - ok
14:07:32.0387 4556  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:07:32.0387 4556  WPCSvc - ok
14:07:32.0402 4556  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:07:32.0418 4556  WPDBusEnum - ok
14:07:32.0418 4556  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:07:32.0433 4556  ws2ifsl - ok
14:07:32.0449 4556  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:07:32.0449 4556  wscsvc - ok
14:07:32.0449 4556  WSearch - ok
14:07:32.0480 4556  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:07:32.0527 4556  wuauserv - ok
14:07:32.0527 4556  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:07:32.0558 4556  WudfPf - ok
14:07:32.0558 4556  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:07:32.0574 4556  WUDFRd - ok
14:07:32.0589 4556  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:07:32.0605 4556  wudfsvc - ok
14:07:32.0605 4556  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:07:32.0621 4556  WwanSvc - ok
14:07:32.0621 4556  ================ Scan global ===============================
14:07:32.0621 4556  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:07:32.0636 4556  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:07:32.0636 4556  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:07:32.0636 4556  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:07:32.0652 4556  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:07:32.0652 4556  [Global] - ok
14:07:32.0652 4556  ================ Scan MBR ==================================
14:07:32.0652 4556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:07:32.0730 4556  \Device\Harddisk0\DR0 - ok
14:07:32.0730 4556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:07:32.0792 4556  \Device\Harddisk1\DR1 - ok
14:07:32.0792 4556  ================ Scan VBR ==================================
14:07:32.0792 4556  [ 14F33D901EB03952C834E48C28FCF4EF ] \Device\Harddisk0\DR0\Partition1
14:07:32.0792 4556  \Device\Harddisk0\DR0\Partition1 - ok
14:07:32.0808 4556  [ 2AF00395356ABA69A0D971E164BC2536 ] \Device\Harddisk0\DR0\Partition2
14:07:32.0808 4556  \Device\Harddisk0\DR0\Partition2 - ok
14:07:32.0808 4556  [ 5BB7869DECB0F6ADCC89483823852CB7 ] \Device\Harddisk1\DR1\Partition1
14:07:32.0823 4556  \Device\Harddisk1\DR1\Partition1 - ok
14:07:32.0823 4556  ============================================================
14:07:32.0823 4556  Scan finished
14:07:32.0823 4556  ============================================================
14:07:32.0823 1448  Detected object count: 0
14:07:32.0823 1448  Actual detected object count: 0
         

Alt 21.10.2012, 13:17   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Ist auch unauffällig, noch Probleme offen?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 13:20   #23
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Nein... wie gesagt, der PC lief eigentlich durchgehend gut. Ich hatte nur Angst, weil ich eben auf diese eine HP gegangen war und dem Fund, den ich danach hatte, dass der Trojaner eben irgendetwas im System angestellt hat, dass ich so bei der normalen Benutzung nicht merke, bzw. was halt noch nicht aktiv ist.

Edit: Ach ja, und das komische Recent Places ist noch da...

Alt 21.10.2012, 13:26   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 14:31   #25
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Okay, hier sind die beiden Logs!

Ich habe die Funde von SUPERAntiSpyware jetzt noch nicht gelöscht, sondern nur in Quarantäne verschoben.

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/21/2012 at 03:24 PM

Application Version : 5.6.1012

Core Rules Database Version : 9446
Trace Rules Database Version: 7258

Scan type       : Complete Scan
Total Scan Time : 00:26:13

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 521
Memory threats detected   : 0
Registry items scanned    : 77497
Registry threats detected : 0
File items scanned        : 138068
File threats detected     : 199

Adware.Tracking Cookie
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\PF7S0KL1.txt [ /invitemedia.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\AV0GVNF3.txt [ /adfarm1.adition.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\5Z2OTKQN.txt [ /ads.creative-serving.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\E4J5QEHY.txt [ /ad.zanox.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\LZPY4DYD.txt [ /apmebf.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\LKQNBKQL.txt [ /atdmt.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\3LMZ7UM0.txt [ /serving-sys.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\1Z0G6WJ2.txt [ /tradedoubler.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\4AAHWC58.txt [ /c.atdmt.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\CUNYCFGH.txt [ /ad.yieldmanager.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\3NE4692M.txt [ /mediaplex.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\Z3X6QII6.txt [ /doubleclick.net ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\17QS0T27.txt [ /server.adformdsp.net ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\91B1LNV9.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\05CECUQX.txt [ /bs.serving-sys.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\UG931IZT.txt [ /track.adform.net ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\MNWDFRMC.txt [ /ad.360yield.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\V03TOC9T.txt [ /eaeacom.112.2o7.net ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\UMZMQODX.txt [ /zanox.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\QRZDGMOA.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\3IK0E0ES.txt [ /adformdsp.net ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\BQLPZS5X.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\1ZZSH7HM.txt [ /fastclick.net ]
	C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Cookies\JUY6HFP3.txt [ /adform.net ]
	C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EBGB3P0V.txt [ Cookie:kerstin@adx.chip.de/ ]
	C:\USERS\KERSTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WH8PVFV.txt [ Cookie:kerstin@atdmt.com/ ]
	C:\USERS\KERSTIN\Cookies\AV0GVNF3.txt [ Cookie:kerstin@adfarm1.adition.com/ ]
	C:\USERS\KERSTIN\Cookies\E4J5QEHY.txt [ Cookie:kerstin@ad.zanox.com/ ]
	C:\USERS\KERSTIN\Cookies\LZPY4DYD.txt [ Cookie:kerstin@apmebf.com/ ]
	C:\USERS\KERSTIN\Cookies\LKQNBKQL.txt [ Cookie:kerstin@atdmt.com/ ]
	C:\USERS\KERSTIN\Cookies\3LMZ7UM0.txt [ Cookie:kerstin@serving-sys.com/ ]
	C:\USERS\KERSTIN\Cookies\1Z0G6WJ2.txt [ Cookie:kerstin@tradedoubler.com/ ]
	C:\USERS\KERSTIN\Cookies\CUNYCFGH.txt [ Cookie:kerstin@ad.yieldmanager.com/ ]
	C:\USERS\KERSTIN\Cookies\3NE4692M.txt [ Cookie:kerstin@mediaplex.com/ ]
	C:\USERS\KERSTIN\Cookies\17QS0T27.txt [ Cookie:kerstin@server.adformdsp.net/ ]
	C:\USERS\KERSTIN\Cookies\05CECUQX.txt [ Cookie:kerstin@bs.serving-sys.com/ ]
	C:\USERS\KERSTIN\Cookies\UG931IZT.txt [ Cookie:kerstin@track.adform.net/ ]
	C:\USERS\KERSTIN\Cookies\V03TOC9T.txt [ Cookie:kerstin@eaeacom.112.2o7.net/ ]
	C:\USERS\KERSTIN\Cookies\UMZMQODX.txt [ Cookie:kerstin@zanox.com/ ]
	C:\USERS\KERSTIN\Cookies\QRZDGMOA.txt [ Cookie:kerstin@ad2.adfarm1.adition.com/ ]
	C:\USERS\KERSTIN\Cookies\3IK0E0ES.txt [ Cookie:kerstin@adformdsp.net/ ]
	C:\USERS\KERSTIN\Cookies\1ZZSH7HM.txt [ Cookie:kerstin@fastclick.net/ ]
	C:\USERS\KERSTIN\Cookies\JUY6HFP3.txt [ Cookie:kerstin@adform.net/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\BBURO10J.txt [ Cookie:kerstin normal@invitemedia.com/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\YOQCJT4U.txt [ Cookie:kerstin normal@mediaplex.com/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\9J6L2N50.txt [ Cookie:kerstin normal@ad2.adfarm1.adition.com/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\UXNY4597.txt [ Cookie:kerstin normal@doubleclick.net/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\XDO6EOWC.txt [ Cookie:kerstin normal@adfarm1.adition.com/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\ONA2ASUR.txt [ Cookie:kerstin normal@apmebf.com/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\CNIDM2ED.txt [ Cookie:kerstin normal@atdmt.com/ ]
	C:\USERS\KERSTIN NORMAL\AppData\Roaming\Microsoft\Windows\Cookies\A84XCRZ3.txt [ Cookie:kerstin normal@c.atdmt.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\BBURO10J.txt [ Cookie:kerstin normal@invitemedia.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\YOQCJT4U.txt [ Cookie:kerstin normal@mediaplex.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\9J6L2N50.txt [ Cookie:kerstin normal@ad2.adfarm1.adition.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\UXNY4597.txt [ Cookie:kerstin normal@doubleclick.net/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\XDO6EOWC.txt [ Cookie:kerstin normal@adfarm1.adition.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\ONA2ASUR.txt [ Cookie:kerstin normal@apmebf.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\CNIDM2ED.txt [ Cookie:kerstin normal@atdmt.com/ ]
	C:\USERS\KERSTIN NORMAL\Cookies\A84XCRZ3.txt [ Cookie:kerstin normal@c.atdmt.com/ ]
	i.adultswim.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YD37N4Z4 ]
	s0.2mdn.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YD37N4Z4 ]
	www.mediadesign.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YD37N4Z4 ]
	.invitemedia.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.myaccount.turbine.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	tracking.reedge.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.bayern.pfadfinden.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.bayern.pfadfinden.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.mediadesign.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.mediadesign.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.mediadesign.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.account.swtor.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.countomat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.cmp.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.wir-finden-jobs.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.wir-finden-jobs.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.wir-finden-jobs.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	uk.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	uk.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.libri.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	track.zalando.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	games.adultswim.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.adultswim.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.myaccount.turbine.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.dmtracker.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	kursnet-finden.arbeitsagentur.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.sonyeurope.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.sonycorporate.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	pulse-analytics-beacon.reutersmedia.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	games.adultswim.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.apartmentfinder.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.clickbank.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.clickbank.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	ebusiness.springer-business-media.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.eqtracking.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.eqtracking.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.eqtracking.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.estat.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.stats.canalblog.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	livestat.derstandard.at [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.trackalyzer.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.seloger.122.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wgk4khdpefo.stats.esomniture.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	insight.torbit.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.stepstone.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.mediacet.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.tuiinteractive.122.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.flagcounter.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.eqtracking.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.eqtracking.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.flagcounter.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.ardmediathek.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.stats.paypal.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	stats.computecmedia.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.eaeacom.112.2o7.net [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.counterbox.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\KERSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3CWAZLB.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\KERSTIN NORMAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H3R44Z8G.DEFAULT\COOKIES.SQLITE ]
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerstin :: ANGELSCAGE [Administrator]

21.10.2012 14:36:49
mbam-log-2012-10-21 (14-36-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364503
Laufzeit: 10 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Weiß inzwischen auch, was dieses Recent Places war. Da habe ich mir einfach "Zuletzt Besucht" aus den Favoriten auf den Desktop gezogen.

Geändert von Kaby (21.10.2012 um 14:56 Uhr)

Alt 21.10.2012, 16:31   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Sieht ok aus, da wurden nur Cookies gefunden, die können alle weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 16:38   #27
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Erstmal vielen, vielen Dank für die Hilfe!

Nein, es gibt keine weiteren Probleme oder Funde mit dem PC, ich würde mir nur gerne rasch wieder einen neuen Virenscanner holen. Werde mal Avast ausprobieren. Kann ich das jetzt machen oder soll ich damit noch warten?

Ansonsten werde ich mir mal Cookie Cullar holen und mich generell etwas wegen Cookies schlau machen

Alt 21.10.2012, 16:43   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Avast Free ist ok

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.10.2012, 18:48   #29
Kaby
 
Trojan.JS.Iframe.BY auf PC gefunden - Standard

Trojan.JS.Iframe.BY auf PC gefunden



Nochmal vielen lieben Dank für die Hilfe und die ganzen Tipps

Cookies werde ich wohl generell löschen, bzw. mir wohl auch einen zweiten Browser zulegen. Aber an sich logge ich mich eh meistens neu ein, wenn ich online gehe. Mein Acrobat Reader war wirklich eine ältere Version, ohne dass ich es gemerkt habe *hüstel*

Vielen Dank nochmal! Ich werde darauf achten, dass mein PC in Zukunft sicherer ist! Und mir vor allem für den Notfall Sicherungskopien ziehen!

Antwort

Themen zu Trojan.JS.Iframe.BY auf PC gefunden
.dll, ad-aware, adobe, adobe flash player, antivirus, autorun, einstellungen, emsisoft, explorer, festplatte, firefox, flash player, format, home, log, logfile, lws.exe, malware, nicht sicher, nvidia, nvidia update, object, programm, programme, realtek, recycle.bin, registry, security, traces, trojaner-board, windows




Ähnliche Themen: Trojan.JS.Iframe.BY auf PC gefunden


  1. Trojaner auf alter CD (Trojan.JS.Iframe.AGG)
    Log-Analyse und Auswertung - 07.07.2015 (6)
  2. Antivir hat JS/iFrame.ahk.1 gefunden und in Quarantäne verschoben
    Plagegeister aller Art und deren Bekämpfung - 14.06.2014 (9)
  3. trojan-downloader.js.iframe.deb auf Website
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (9)
  4. JS:Trojan.JS.Iframe.DH (Virus)
    Log-Analyse und Auswertung - 05.05.2013 (34)
  5. Verständnisfrage Trojan:JS/iframe.BT - Wirkungsweise
    Diskussionsforum - 31.01.2013 (1)
  6. Fund: Trojan:JS/iframe.BT
    Log-Analyse und Auswertung - 28.01.2013 (15)
  7. JS/TrojanDownloader.Iframe.NKE trojan
    Log-Analyse und Auswertung - 23.10.2012 (15)
  8. JS/TrojanDownloader.Iframe.NKE trojan/HTML/Fraud.BG trojan
    Log-Analyse und Auswertung - 30.09.2012 (3)
  9. Trojan.JS.Iframe.BDJ
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (5)
  10. Trojan-Downloader.JS.Iframe.cqj
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (0)
  11. Trojan-Downloader.JS.Iframe.bcl auf Homepage
    Plagegeister aller Art und deren Bekämpfung - 29.09.2009 (1)
  12. Trojan-Downloader.JS.Iframe.bhy
    Plagegeister aller Art und deren Bekämpfung - 03.07.2009 (4)
  13. IFrame Trojan
    Mülltonne - 05.11.2008 (0)
  14. auf meiner Hp: Trojan-Downloader.HTML.IFrame.ds...und was nun??
    Plagegeister aller Art und deren Bekämpfung - 12.05.2008 (12)
  15. Trojan-Clicker.HTML.IFrame.ob ???
    Log-Analyse und Auswertung - 21.04.2008 (1)
  16. Trojan-Clicker.HTML.IFrame.ag
    Plagegeister aller Art und deren Bekämpfung - 01.10.2007 (1)
  17. Trojan-Clicker.HTML.IFrame.h
    Log-Analyse und Auswertung - 01.08.2006 (1)

Zum Thema Trojan.JS.Iframe.BY auf PC gefunden - Code: Alles auswählen Aufklappen ATTFilter PRC - [2012.10.10 19:26:55 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2012.10.05 14:30:36 | 000,876,240 | ---- - Trojan.JS.Iframe.BY auf PC gefunden...
Archiv
Du betrachtest: Trojan.JS.Iframe.BY auf PC gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.