Trojaner-Board


Sarah1109199 12.11.2011 11:15

Facebook virus is sending links via my account

Hi everyone,

Since yesterday I've had the problem that Facebook keeps sending links to all my friends via my account. I probably stupidly clicked on one of those links by accident and infected myself with this Phorpiex malware (that's what it's called, right?).

The links that get sent look like this: ":D ahahahahhapkf!! :O hxxp:// ... " or "Sie in das Bild??vyg_ hxxp://..."

Avira found nothing on my PC, and I then downloaded Malwarebytes, ran a full scan and removed the entries.

On Facebook I've told everyone not to open the link under any circumstances.

How do I now get the virus completely off my PC?
I also do online banking on my laptop, for example!

cosinus 12.11.2011 13:32

Quote:

then downloaded Malwarebytes, ran a full scan and removed the entries.
All of the Malwarebytes logs need to be posted as well.

Sarah1109199 12.11.2011 13:43

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8142

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11.11.2011 22:56:38
mbam-log-2011-11-11 (22-56-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 324355
Laufzeit: 1 Stunde(n), 1 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 29

Infizierte Speicherprozesse:
c:\Users\msi mobile\AppData\Roaming\regsrv64.exe (Worm.Ngrbot) -> 3012 -> Unloaded process successfully.
c:\Users\msi mobile\AppData\Roaming\A958.exe (Worm.Ngrbot) -> 4644 -> Unloaded process successfully.
c:\Users\msi mobile\AppData\Roaming\F3FF.exe (Spyware.Passwords.XGen) -> 4748 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DLL Registration (Worm.Ngrbot) -> Value: Microsoft DLL Registration -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vkmmmh (Trojan.Agent) -> Value: Vkmmmh -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\msi mobile\AppData\Roaming\regsrv64.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\A958.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\F3FF.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\Vkmmmh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2IDXKA2R\b3[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\835O9HFI\b3[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\install-1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\DBFE.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\22FC.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\23EC.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\658.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\760.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\7C31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\86BF.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\9730.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\B2FE.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\B990.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\BC2C.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\BD7.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\D1B2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\D5F7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\DC5D.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\EBD4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\F29C.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\FF2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Sarah1109199 13.11.2011 11:33

Can nobody here help me? :(

cosinus 14.11.2011 12:31

Are there any further Malwarebytes logs? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (Logs) tab.

Sarah1109199 14.11.2011 17:13

No, I only have the one log file! How do I know now whether my system is still infected or not?

cosinus 14.11.2011 19:59

Please run ESET as well, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Sarah1109199 15.11.2011 23:19

Hello, I ran ESET, it took quite a long time!

Here is the log data:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-14 11:30:46
# local_time=2011-11-15 12:30:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15651540 15651540 0 0
# compatibility_mode=1797 16775165 100 94 1491796 57847177 1506964 0
# compatibility_mode=5892 16776574 100 100 23279031 158843084 0 0
# compatibility_mode=8192 67108863 100 0 3909 3909 0 0
# scanned=24453
# found=0
# cleaned=0
# scan_time=3090
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 10:16:07
# local_time=2011-11-15 11:16:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15725181 15725181 0 0
# compatibility_mode=1797 16775165 100 94 3910 57920818 0 0
# compatibility_mode=5892 16776574 100 100 23352672 158916725 0 0
# compatibility_mode=8192 67108863 100 0 77550 77550 0 0
# scanned=169535
# found=3
# cleaned=0
# scan_time=11372
C:\Users\MSI Mobile\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_avira-antivir.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_nero-lite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

cosinus 16.11.2011 09:31

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Sarah1109199 16.11.2011 12:30

OTL Logfile:
Code:

OTL logfile created on: 16.11.2011 11:40:40 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\MSI Mobile\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,20% Memory free
6,19 Gb Paging File | 5,11 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 10,37 Gb Free Space | 10,62% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 156,63 Gb Free Space | 78,15% Space Free | Partition Type: NTFS
 
Computer Name: MSIMOBILE-PC | User Name: MSI Mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.16 11:38:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MSI Mobile\Downloads\OTL.exe
PRC - [2011.08.02 07:37:54 | 003,630,936 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.07.28 13:44:22 | 001,851,224 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe
PRC - [2011.06.29 13:55:51 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.04.14 10:32:28 | 000,421,160 | ---- | M] (Apple Inc.) -- D:\Programme\i tunes\iTunesHelper.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.14 14:35:38 | 000,330,696 | ---- | M] () -- D:\Programme\Verbindungsassi Aldi\WTGService.exe
PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.22 12:36:48 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.26 15:52:14 | 000,159,744 | ---- | M] () -- C:\Programme\System Control Manager\MSIService.exe
PRC - [2008.08.20 11:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 16:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2004.11.26 10:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.21 22:32:51 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
MOD - [2011.10.19 18:48:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.19 18:47:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.19 18:45:08 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.19 18:44:32 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.08.02 10:15:30 | 000,213,504 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger
MOD - [2011.08.01 12:20:08 | 008,617,472 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll
MOD - [2010.11.17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.08.25 10:47:16 | 000,192,512 | ---- | M] () -- C:\Programme\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 12:39:04 | 000,053,248 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll
MOD - [2004.07.26 16:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.02 07:37:54 | 003,630,936 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.06.29 13:55:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.14 14:35:38 | 000,330,696 | ---- | M] () [Auto | Running] -- D:\Programme\Verbindungsassi Aldi\WTGService.exe -- (WTGService)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.26 15:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.29 13:55:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 13:55:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.21 06:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.12.21 06:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010.12.21 06:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010.10.21 19:01:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.09.24 05:26:00 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.10.11 11:24:00 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D FC 23 78 92 56 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.23.97.9:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\i tunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MSI Mobile\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.04 19:50:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.17 19:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.09.30 19:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.05.09 18:49:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.04 19:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.09.30 19:17:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.05.09 18:49:58 | 000,000,000 | ---D | M]
 
[2010.09.18 19:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Extensions
[2011.10.04 18:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions
[2010.11.07 15:21:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.29 19:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.08 15:52:04 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com
[2011.11.11 14:58:21 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-1.xml
[2011.08.17 21:25:48 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-10.xml
[2011.08.21 14:02:16 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-11.xml
[2011.09.14 19:13:33 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-12.xml
[2011.09.16 17:44:04 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-13.xml
[2011.09.29 21:30:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-14.xml
[2011.10.03 17:20:15 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-15.xml
[2010.12.12 14:25:28 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-2.xml
[2011.02.18 19:59:59 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-3.xml
[2011.03.21 18:34:18 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-4.xml
[2011.05.02 17:32:50 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-5.xml
[2011.05.09 18:50:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-6.xml
[2011.05.10 19:13:09 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-7.xml
[2011.06.22 21:42:53 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-8.xml
[2011.07.04 19:39:43 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-9.xml
[2010.10.27 17:50:03 | 000,001,056 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Programme\i tunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Vkmmmh] C:\Users\MSI Mobile\AppData\Roaming\Vkmmmh.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42D05106-6CA9-499D-9DBC-0658FD350B0D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE49E988-18DE-464E-B24C-F2111873A485}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MSI Mobile\AppData\Local\Microsoft\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Users\MSI Mobile\AppData\Local\Microsoft\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 23:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.13 17:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.11.13 17:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.13 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.11.11 21:51:15 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\AppData\Roaming\Malwarebytes
[2011.11.11 21:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.11 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.11 21:50:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.11 21:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.22 05:03:18 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\AppData\Roaming\WinRAR
[2011.10.22 05:03:18 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.22 05:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.22 05:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.10.19 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\Documents\N3DS
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.16 11:39:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job
[2011.11.16 11:35:14 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.16 11:35:14 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.16 11:35:14 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.16 11:35:14 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 11:29:45 | 000,116,074 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.16 11:29:37 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 11:29:37 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 11:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 11:28:58 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.14 23:34:26 | 000,000,900 | ---- | M] () -- C:\Users\MSI Mobile\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk
[2011.11.14 23:19:44 | 000,116,074 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.14 17:39:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job
[2011.11.13 17:50:00 | 000,001,055 | ---- | M] () -- C:\Users\MSI Mobile\Desktop\Spybot - Search & Destroy.lnk
[2011.11.11 22:56:49 | 000,002,631 | ---- | M] () -- C:\Users\MSI Mobile\Desktop\Microsoft Office Word 2007.lnk
[2011.11.11 21:51:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 19:29:05 | 000,000,680 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Local\d3d9caps.dat
[2011.10.27 19:09:36 | 000,057,344 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.11.14 23:34:26 | 000,000,900 | ---- | C] () -- C:\Users\MSI Mobile\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk
[2011.11.13 17:50:00 | 000,001,055 | ---- | C] () -- C:\Users\MSI Mobile\Desktop\Spybot - Search & Destroy.lnk
[2011.11.11 21:51:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 20:29:16 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.02.04 19:41:15 | 000,233,481 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.08 18:50:49 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.08 18:50:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.08 18:50:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.08 18:50:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.08 18:50:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.08 18:50:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.08 18:50:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.08 18:50:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.08 18:50:49 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.08 18:50:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.08 18:50:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.08 18:50:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.08 18:50:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.08 18:50:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.08 18:50:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.08 18:50:49 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.08 18:50:49 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.08 18:50:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.08 18:50:49 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.01.08 18:43:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPSDaFiNoSv.ini
[2010.11.07 15:02:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.28 19:12:47 | 000,341,498 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Roaming\mdbu.bin
[2010.09.22 19:02:19 | 000,000,000 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Roaming\wklnhst.dat
[2010.09.18 12:40:45 | 000,057,344 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 16:41:39 | 000,000,104 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2010.09.17 16:18:51 | 000,116,074 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.09.17 15:57:27 | 000,116,074 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.09.17 14:18:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.09.17 14:18:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.09.17 14:18:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.09.17 14:06:56 | 000,000,680 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Local\d3d9caps.dat
[2010.04.01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,451,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000061.DLL
 
========== LOP Check ==========
 
[2011.03.20 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Auslogics
[2011.02.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\AVG10
[2010.10.21 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\DAEMON Tools Lite
[2011.10.03 19:21:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ICQ
[2010.11.30 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Programme
[2010.10.21 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ProtectDISC
[2011.07.24 17:31:33 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Samsung
[2011.04.26 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Tobit
[2011.04.29 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Ulead Systems
[2011.11.01 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi
[2010.11.28 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Wildlife Park 2
[2011.11.14 17:39:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job
[2011.11.16 11:39:02 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job
[2011.11.15 23:21:39 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.13 18:21:15 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Adobe
[2011.01.23 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Apple Computer
[2011.03.20 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Auslogics
[2011.02.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\AVG10
[2011.05.17 20:38:48 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Avira
[2010.10.21 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\DAEMON Tools Lite
[2011.02.04 20:04:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\HP
[2011.04.25 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\HpUpdate
[2011.10.03 19:21:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ICQ
[2010.09.17 14:07:03 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Identities
[2010.09.17 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\InstallShield
[2010.09.19 11:11:19 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Macromedia
[2011.11.11 21:51:15 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Media Center Programs
[2011.05.12 19:07:09 | 000,000,000 | --SD | M] -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft
[2010.09.18 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla
[2010.09.19 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Nero
[2010.11.30 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Programme
[2010.10.21 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ProtectDISC
[2011.07.24 17:31:33 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Samsung
[2011.11.10 23:30:14 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Skype
[2011.07.04 19:16:23 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\skypePM
[2011.04.26 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Tobit
[2010.10.19 19:25:11 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\U3
[2011.04.29 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Ulead Systems
[2011.11.01 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi
[2011.07.24 19:27:15 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\vlc
[2010.11.28 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Wildlife Park 2
[2011.10.22 05:03:23 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.02.04 20:07:27 | 000,010,134 | R--- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2010.10.19 19:18:29 | 000,010,134 | R--- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.07 23:11:36 | 000,052,616 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011.11.05 00:36:30 | 000,347,088 | ---- | M] (Ask.com) -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\content\NeroApplicationManager.exe
[2011.06.14 14:20:41 | 003,486,088 | ---- | M] (Ask) -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Del_CD_ROM.exe
[2010.11.13 21:59:51 | 000,042,448 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\OSU.exe
[2010.11.13 21:59:50 | 001,148,368 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Setup.exe
[2010.11.13 21:59:50 | 001,111,504 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Uninstaller.exe
[2010.11.13 21:59:50 | 007,247,312 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Verbindungsassistent.exe
[2010.11.13 21:59:50 | 000,497,104 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Verbindungsassistent_SMSMMS.exe
[2010.11.13 21:59:51 | 000,329,168 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\WTGVistaUtil.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Del_CD_ROM.exe
[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\OSU.exe
[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Setup.exe
[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Uninstaller.exe
[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Verbindungsassistent.exe
[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.21 19:01:20 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<          >

< End of report >

--- --- ---

cosinus 16.11.2011 12:37

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
PRC - [2011.05.17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D FC 23 78 92 56 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.23.97.9:8080
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
[2011.06.29 19:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.08 15:52:04 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com
[2011.11.11 14:58:21 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-1.xml
[2011.08.17 21:25:48 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-10.xml
[2011.08.21 14:02:16 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-11.xml
[2011.09.14 19:13:33 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-12.xml
[2011.09.16 17:44:04 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-13.xml
[2011.09.29 21:30:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-14.xml
[2011.10.03 17:20:15 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-15.xml
[2010.12.12 14:25:28 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-2.xml
[2011.02.18 19:59:59 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-3.xml
[2011.03.21 18:34:18 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-4.xml
[2011.05.02 17:32:50 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-5.xml
[2011.05.09 18:50:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-6.xml
[2011.05.10 19:13:09 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-7.xml
[2011.06.22 21:42:53 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-8.xml
[2011.07.04 19:39:43 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-9.xml
[2010.10.27 17:50:03 | 000,001,056 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin.xml
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Vkmmmh] C:\Users\MSI Mobile\AppData\Roaming\Vkmmmh.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.02.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\AVG10
:Files
C:\Programme\Ask.com
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Sarah1109199 18.11.2011 14:57

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: avg@igeared:6.103.018.001 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-13-21-59-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-13-21-54-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-01-Jun-2011-11-09-53-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-14-53-55-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-22-Sep-2011-16-28-27-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-10-Nov-2011-16-50-15-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-04-Nov-2010-17-42-03-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-24-Oct-2010-10-01-41-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-20-Mar-2011-21-16-32-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-07-Nov-2010-14-22-04-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-06-Aug-2011-10-45-51-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Nov-2011-17-17-39-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-10-31-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-06-08-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-03-59-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-02-03-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-13-56-27-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-13-54-32-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vkmmmh deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ not found.
File E:\CDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f09913-ef6a-11df-a37b-002185bb7981}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f09913-ef6a-11df-a37b-002185bb7981}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efbf702-261e-11e0-a13b-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efbf702-261e-11e0-a13b-002185e13cb9}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6353bb64-f0c4-11df-925a-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6353bb64-f0c4-11df-925a-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755b3009-04ae-11e1-9d39-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755b3009-04ae-11e1-9d39-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a536951-c332-11df-b4f7-002185bb7981}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a536951-c332-11df-b4f7-002185bb7981}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824b7-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824b7-ef24-11df-9f48-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824ca-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824ca-ef24-11df-9f48-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ not found.
File F:\VTP_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\MSI Mobile\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\AVG10 folder moved successfully.
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSI Mobile
->Temp folder emptied: 114338741 bytes
->Temporary Internet Files folder emptied: 55206301 bytes
->Java cache emptied: 10591130 bytes
->FireFox cache emptied: 216142322 bytes
->Flash cache emptied: 20532 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156381070 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 527,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_144718

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 18.11.2011 16:05

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents and transfer them into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Sarah1109199 18.11.2011 18:04

18:01:20.0448 3476 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
18:01:20.0873 3476 ============================================================
18:01:20.0873 3476 Current date / time: 2011/11/18 18:01:20.0873
18:01:20.0873 3476 SystemInfo:
18:01:20.0873 3476
18:01:20.0874 3476 OS Version: 6.0.6002 ServicePack: 2.0
18:01:20.0874 3476 Product type: Workstation
18:01:20.0874 3476 ComputerName: MSIMOBILE-PC
18:01:20.0874 3476 UserName: MSI Mobile
18:01:20.0874 3476 Windows directory: C:\Windows
18:01:20.0874 3476 System windows directory: C:\Windows
18:01:20.0874 3476 Processor architecture: Intel x86
18:01:20.0874 3476 Number of processors: 2
18:01:20.0874 3476 Page size: 0x1000
18:01:20.0874 3476 Boot type: Normal boot
18:01:20.0875 3476 ============================================================
18:01:21.0543 3476 Initialize success
18:01:43.0842 5832 ============================================================
18:01:43.0842 5832 Scan started
18:01:43.0842 5832 Mode: Manual; SigCheck; TDLFS;
18:01:43.0842 5832 ============================================================
18:01:44.0288 5832 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
18:01:44.0622 5832 acedrv11 - ok
18:01:44.0672 5832 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:01:44.0705 5832 ACPI - ok
18:01:44.0780 5832 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:01:44.0845 5832 adp94xx - ok
18:01:44.0869 5832 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:01:44.0919 5832 adpahci - ok
18:01:44.0955 5832 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:01:44.0990 5832 adpu160m - ok
18:01:45.0037 5832 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:01:45.0086 5832 adpu320 - ok
18:01:45.0204 5832 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:01:45.0309 5832 AFD - ok
18:01:45.0469 5832 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
18:01:45.0885 5832 AgereSoftModem - ok
18:01:45.0941 5832 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:01:45.0975 5832 agp440 - ok
18:01:45.0992 5832 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:01:46.0024 5832 aic78xx - ok
18:01:46.0052 5832 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:01:46.0073 5832 aliide - ok
18:01:46.0088 5832 ALIWEHCD - ok
18:01:46.0123 5832 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:01:46.0154 5832 amdagp - ok
18:01:46.0173 5832 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:01:46.0201 5832 amdide - ok
18:01:46.0228 5832 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:01:46.0342 5832 AmdK7 - ok
18:01:46.0366 5832 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:01:46.0435 5832 AmdK8 - ok
18:01:46.0513 5832 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:01:46.0551 5832 arc - ok
18:01:46.0569 5832 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:01:46.0606 5832 arcsas - ok
18:01:46.0637 5832 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:46.0709 5832 AsyncMac - ok
18:01:46.0742 5832 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:01:46.0765 5832 atapi - ok
18:01:46.0808 5832 AVGIDSShim - ok
18:01:46.0847 5832 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:01:46.0890 5832 avgntflt - ok
18:01:46.0916 5832 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:01:46.0952 5832 avipbb - ok
18:01:46.0994 5832 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:01:47.0154 5832 Beep - ok
18:01:47.0206 5832 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:01:47.0299 5832 blbdrive - ok
18:01:47.0351 5832 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:01:47.0470 5832 bowser - ok
18:01:47.0510 5832 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:01:47.0666 5832 BrFiltLo - ok
18:01:47.0696 5832 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:01:47.0790 5832 BrFiltUp - ok
18:01:47.0825 5832 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:01:48.0006 5832 Brserid - ok
18:01:48.0031 5832 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:01:48.0141 5832 BrSerWdm - ok
18:01:48.0165 5832 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:01:48.0281 5832 BrUsbMdm - ok
18:01:48.0303 5832 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:01:48.0412 5832 BrUsbSer - ok
18:01:48.0446 5832 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:01:48.0560 5832 BTHMODEM - ok
18:01:48.0640 5832 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:01:48.0742 5832 cdfs - ok
18:01:48.0771 5832 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:01:48.0818 5832 cdrom - ok
18:01:48.0856 5832 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
18:01:48.0972 5832 circlass - ok
18:01:49.0032 5832 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:01:49.0098 5832 CLFS - ok
18:01:49.0203 5832 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:49.0268 5832 CmBatt - ok
18:01:49.0291 5832 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:01:49.0334 5832 cmdide - ok
18:01:49.0361 5832 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:01:49.0384 5832 Compbatt - ok
18:01:49.0413 5832 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:01:49.0442 5832 crcdisk - ok
18:01:49.0461 5832 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:01:49.0534 5832 Crusoe - ok
18:01:49.0642 5832 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:01:49.0716 5832 DfsC - ok
18:01:49.0754 5832 dgderdrv - ok
18:01:49.0802 5832 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:01:49.0826 5832 disk - ok
18:01:49.0925 5832 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:01:49.0996 5832 drmkaud - ok
18:01:50.0155 5832 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:01:50.0199 5832 DXGKrnl - ok
18:01:50.0218 5832 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:01:50.0275 5832 E1G60 - ok
18:01:50.0315 5832 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:01:50.0359 5832 Ecache - ok
18:01:50.0402 5832 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:01:50.0447 5832 elxstor - ok
18:01:50.0486 5832 enecir (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
18:01:50.0524 5832 enecir - ok
18:01:50.0545 5832 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:01:50.0607 5832 ErrDev - ok
18:01:50.0658 5832 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:01:50.0712 5832 exfat - ok
18:01:50.0744 5832 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:01:50.0807 5832 fastfat - ok
18:01:50.0824 5832 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:01:50.0902 5832 fdc - ok
18:01:50.0925 5832 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:01:50.0957 5832 FileInfo - ok
18:01:50.0974 5832 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:01:51.0033 5832 Filetrace - ok
18:01:51.0052 5832 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:51.0115 5832 flpydisk - ok
18:01:51.0148 5832 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:01:51.0190 5832 FltMgr - ok
18:01:51.0249 5832 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:01:51.0305 5832 Fs_Rec - ok
18:01:51.0338 5832 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:01:51.0371 5832 gagp30kx - ok
18:01:51.0400 5832 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:01:51.0424 5832 GEARAspiWDM - ok
18:01:51.0501 5832 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
18:01:51.0560 5832 HdAudAddService - ok
18:01:51.0620 5832 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:01:51.0713 5832 HDAudBus - ok
18:01:51.0742 5832 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:01:51.0853 5832 HidBth - ok
18:01:51.0886 5832 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
18:01:51.0941 5832 HidIr - ok
18:01:51.0990 5832 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:01:52.0041 5832 HidUsb - ok
18:01:52.0076 5832 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:01:52.0108 5832 HpCISSs - ok
18:01:52.0177 5832 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:01:52.0305 5832 HTTP - ok
18:01:52.0339 5832 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:01:52.0368 5832 hwdatacard - ok
18:01:52.0388 5832 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:01:52.0438 5832 i2omp - ok
18:01:52.0476 5832 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:01:52.0532 5832 i8042prt - ok
18:01:52.0583 5832 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
18:01:52.0609 5832 iaStor - ok
18:01:52.0632 5832 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:01:52.0681 5832 iaStorV - ok
18:01:52.0722 5832 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:01:52.0751 5832 iirsp - ok
18:01:52.0918 5832 IntcAzAudAddService (f4ec36c333ac09011ab1931ce9582c56) C:\Windows\system32\drivers\RTKVHDA.sys
18:01:53.0030 5832 IntcAzAudAddService - ok
18:01:53.0105 5832 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:01:53.0134 5832 intelide - ok
18:01:53.0159 5832 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:01:53.0225 5832 intelppm - ok
18:01:53.0255 5832 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:53.0329 5832 IpFilterDriver - ok
18:01:53.0347 5832 IpInIp - ok
18:01:53.0376 5832 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:01:53.0463 5832 IPMIDRV - ok
18:01:53.0497 5832 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:01:53.0564 5832 IPNAT - ok
18:01:53.0591 5832 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:01:53.0658 5832 IRENUM - ok
18:01:53.0686 5832 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:01:53.0718 5832 isapnp - ok
18:01:53.0756 5832 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:01:53.0785 5832 iScsiPrt - ok
18:01:53.0807 5832 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:01:53.0835 5832 iteatapi - ok
18:01:53.0874 5832 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:01:53.0901 5832 iteraid - ok
18:01:53.0914 5832 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:53.0945 5832 kbdclass - ok
18:01:53.0976 5832 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:01:54.0022 5832 kbdhid - ok
18:01:54.0062 5832 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:01:54.0123 5832 KSecDD - ok
18:01:54.0163 5832 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:01:54.0237 5832 lltdio - ok
18:01:54.0285 5832 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:01:54.0321 5832 LSI_FC - ok
18:01:54.0343 5832 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:01:54.0385 5832 LSI_SAS - ok
18:01:54.0419 5832 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:01:54.0457 5832 LSI_SCSI - ok
18:01:54.0474 5832 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:01:54.0565 5832 luafv - ok
18:01:54.0586 5832 MBAMSwissArmy - ok
18:01:54.0623 5832 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:01:54.0653 5832 megasas - ok
18:01:54.0699 5832 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:01:54.0775 5832 MegaSR - ok
18:01:54.0837 5832 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:01:54.0895 5832 Modem - ok
18:01:54.0916 5832 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:01:54.0968 5832 monitor - ok
18:01:54.0985 5832 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:01:55.0014 5832 mouclass - ok
18:01:55.0032 5832 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:01:55.0096 5832 mouhid - ok
18:01:55.0112 5832 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:01:55.0148 5832 MountMgr - ok
18:01:55.0173 5832 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:01:55.0207 5832 mpio - ok
18:01:55.0227 5832 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:01:55.0283 5832 mpsdrv - ok
18:01:55.0316 5832 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:01:55.0351 5832 Mraid35x - ok
18:01:55.0377 5832 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:01:55.0438 5832 MRxDAV - ok
18:01:55.0477 5832 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:55.0542 5832 mrxsmb - ok
18:01:55.0633 5832 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:55.0690 5832 mrxsmb10 - ok
18:01:55.0709 5832 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:55.0763 5832 mrxsmb20 - ok
18:01:55.0798 5832 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:01:55.0829 5832 msahci - ok
18:01:55.0856 5832 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:01:55.0879 5832 msdsm - ok
18:01:55.0920 5832 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:01:56.0002 5832 Msfs - ok
18:01:56.0028 5832 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:01:56.0056 5832 msisadrv - ok
18:01:56.0089 5832 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:01:56.0152 5832 MSKSSRV - ok
18:01:56.0198 5832 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:01:56.0255 5832 MSPCLOCK - ok
18:01:56.0282 5832 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:01:56.0339 5832 MSPQM - ok
18:01:56.0388 5832 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:01:56.0416 5832 MsRPC - ok
18:01:56.0451 5832 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:01:56.0473 5832 mssmbios - ok
18:01:56.0504 5832 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:01:56.0577 5832 MSTEE - ok
18:01:56.0607 5832 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:01:56.0691 5832 Mup - ok
18:01:56.0733 5832 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:01:56.0782 5832 NativeWifiP - ok
18:01:56.0827 5832 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:01:56.0872 5832 NDIS - ok
18:01:56.0909 5832 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:01:56.0971 5832 NdisTapi - ok
18:01:56.0995 5832 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:01:57.0059 5832 Ndisuio - ok
18:01:57.0079 5832 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:01:57.0143 5832 NdisWan - ok
18:01:57.0170 5832 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:01:57.0213 5832 NDProxy - ok
18:01:57.0256 5832 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:01:57.0313 5832 NetBIOS - ok
18:01:57.0344 5832 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:01:57.0411 5832 netbt - ok
18:01:57.0556 5832 netr28 (3f540b257442cc1a2220dd8f73ac1c77) C:\Windows\system32\DRIVERS\netr28.sys
18:01:57.0631 5832 netr28 - ok
18:01:57.0668 5832 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:01:57.0700 5832 nfrd960 - ok
18:01:57.0716 5832 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:01:57.0781 5832 Npfs - ok
18:01:57.0812 5832 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:01:57.0884 5832 nsiproxy - ok
18:01:57.0938 5832 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:01:58.0064 5832 Ntfs - ok
18:01:58.0094 5832 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:01:58.0191 5832 ntrigdigi - ok
18:01:58.0203 5832 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:01:58.0266 5832 Null - ok
18:01:58.0496 5832 nvlddmkm (e8651dce7db8094d06d2d2622df98982) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:01:59.0006 5832 nvlddmkm - ok
18:01:59.0036 5832 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:01:59.0076 5832 nvraid - ok
18:01:59.0107 5832 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:01:59.0137 5832 nvstor - ok
18:01:59.0160 5832 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:01:59.0197 5832 nv_agp - ok
18:01:59.0208 5832 NwlnkFlt - ok
18:01:59.0222 5832 NwlnkFwd - ok
18:01:59.0265 5832 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:01:59.0374 5832 ohci1394 - ok
18:01:59.0410 5832 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:01:59.0531 5832 Parport - ok
18:01:59.0544 5832 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:01:59.0579 5832 partmgr - ok
18:01:59.0605 5832 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:01:59.0697 5832 Parvdm - ok
18:01:59.0732 5832 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:01:59.0777 5832 pci - ok
18:01:59.0807 5832 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:01:59.0844 5832 pciide - ok
18:01:59.0893 5832 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:01:59.0965 5832 pcmcia - ok
18:02:00.0033 5832 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:02:00.0186 5832 PEAUTH - ok
18:02:00.0294 5832 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:02:00.0367 5832 PptpMiniport - ok
18:02:00.0406 5832 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:02:00.0489 5832 Processor - ok
18:02:00.0526 5832 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:02:00.0577 5832 PSched - ok
18:02:00.0639 5832 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:02:00.0774 5832 ql2300 - ok
18:02:00.0808 5832 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:02:00.0850 5832 ql40xx - ok
18:02:00.0868 5832 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:02:00.0932 5832 QWAVEdrv - ok
18:02:00.0993 5832 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:02:01.0055 5832 RasAcd - ok
18:02:01.0080 5832 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:01.0136 5832 Rasl2tp - ok
18:02:01.0175 5832 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:01.0238 5832 RasPppoe - ok
18:02:01.0267 5832 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:02:01.0306 5832 RasSstp - ok
18:02:01.0328 5832 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:02:01.0388 5832 rdbss - ok
18:02:01.0402 5832 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:01.0462 5832 RDPCDD - ok
18:02:01.0493 5832 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:02:01.0568 5832 rdpdr - ok
18:02:01.0580 5832 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:02:01.0634 5832 RDPENCDD - ok
18:02:01.0661 5832 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:02:01.0731 5832 RDPWD - ok
18:02:01.0765 5832 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:02:01.0823 5832 rspndr - ok
18:02:01.0853 5832 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:02:03.0377 5832 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:02:03.0377 5832 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:02:03.0380 5832 sptd ( LockedFile.Multi.Generic ) - warning
18:02:03.0381 5832 sptd - detected LockedFile.Multi.Generic (1)
18:02:09.0121 5832 ============================================================
18:02:09.0121 5832 Scan finished
18:02:09.0121 5832 ============================================================
18:02:09.0142 3800 Detected object count: 1
18:02:09.0142 3800 Actual detected object count: 1
18:02:49.0413 3800 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:02:49.0414 3800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus 18.11.2011 18:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Sarah1109199 19.11.2011 12:04

Combofix Logfile:
Code:

ComboFix 11-11-19.03 - MSI Mobile 19.11.2011  11:29:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1955 [GMT 1:00]
ausgeführt von:: c:\users\MSI Mobile\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
c:\windows\UA000061.DLL
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-19 bis 2011-11-19  ))))))))))))))))))))))))))))))
.
.
2011-11-19 10:38 . 2011-11-19 10:38        --------        d-----w-        c:\users\MSI Mobile\AppData\Local\temp
2011-11-19 10:38 . 2011-11-19 10:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-19 09:38 . 2011-11-19 09:38        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-19 09:38 . 2011-11-19 09:38        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-19 09:38 . 2011-11-19 09:38        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-19 09:38 . 2011-11-19 09:38        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-19 09:38 . 2011-11-19 09:38        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-19 09:38 . 2011-11-19 09:38        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-19 09:38 . 2011-11-19 09:38        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-19 09:38 . 2011-11-19 09:38        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-19 09:38 . 2011-11-19 09:38        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-19 09:37 . 2011-11-19 09:37        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-19 09:37 . 2011-11-19 09:37        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-19 09:37 . 2011-11-19 09:37        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-19 09:37 . 2011-11-19 09:37        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-19 09:37 . 2011-11-19 09:37        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-19 09:37 . 2011-11-19 09:37        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-19 09:37 . 2011-11-19 09:37        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-19 09:37 . 2011-11-19 09:37        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-18 13:47 . 2011-11-18 13:47        --------        d-----w-        C:\_OTL
2011-11-14 22:34 . 2011-11-14 22:34        --------        d-----w-        c:\program files\ESET
2011-11-13 16:49 . 2011-11-18 13:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-11-13 16:49 . 2011-11-13 18:25        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-11-11 20:51 . 2011-11-11 20:51        --------        d-----w-        c:\users\MSI Mobile\AppData\Roaming\Malwarebytes
2011-11-11 20:51 . 2011-11-11 20:51        --------        d-----w-        c:\programdata\Malwarebytes
2011-11-11 20:50 . 2011-11-11 20:51        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-11-11 20:50 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-09 13:37 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 13:37 . 2011-09-20 21:02        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:32 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-10-27 10:40 . 2011-08-13 04:43        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-16 11:12        916480        ----a-w-        c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-16 11:12        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-16 11:12        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-16 11:12        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-16 11:12        71680        ----a-w-        c:\windows\system32\iesetup.dll
2011-09-30 22:07 . 2011-10-16 11:12        385024        ----a-w-        c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-16 11:12        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-16 10:52        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-14 12:17        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-08-25 16:15 . 2011-10-14 14:15        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 14:15        238080        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-14 14:15        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-14 14:15        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"DAEMON Tools Lite"="d:\programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"rfxsrvtray"="d:\tobit radio.fx\Client\rfx-tray.exe" [2011-07-28 1851224]
"Facebook Update"="c:\users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-09 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-24 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-24 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"Skytel"="Skytel.exe" [2008-08-20 1833504]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-09-22 708608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"iTunesHelper"="d:\programme\i tunes\iTunesHelper.exe" [2011-04-14 421160]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"avgnt"="d:\programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3700083461-3758754058-1150892198-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-08-26 159744]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 100224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-21 691696]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WTGService;WTGService;d:\programme\Verbindungsassi Aldi\wtgservice.exe [2010-12-14 330696]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job
- c:\users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 15:34]
.
2011-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job
- c:\users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 15:34]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 13:10]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-19 11:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-11-19  11:41:43
ComboFix-quarantined-files.txt  2011-11-19 10:41
.
Vor Suchlauf: 9 Verzeichnis(se), 12.864.409.600 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 12.166.873.088 Bytes frei
.
- - End Of File - - F3FDD2E11743BC6454661D1584EB7C8C

--- --- ---

cosinus 20.11.2011 12:19

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to work on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; McAfee's scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Sarah1109199 20.11.2011 19:56

GMER:GMER Logfile:
Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-20 19:54:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0
Running: lptb88dq.exe; Driver: C:\Users\MSIMOB~1\AppData\Local\Temp\uwliiuob.sys


---- System - GMER 1.0.15 ----

SSDT      90820BEE                                                                                                            ZwCreateSection
SSDT      90820BF3                                                                                                            ZwSetContextThread
SSDT      90820B8F                                                                                                            ZwTerminateProcess

INT 0x72  ?                                                                                                                  88D0FF00
INT 0x82  ?                                                                                                                  88D0FF00
INT 0x82  ?                                                                                                                  88D0FF00
INT 0x92  ?                                                                                                                  88D0FF00
INT 0xA2  ?                                                                                                                  88D0FF00
INT 0xB2  ?                                                                                                                  87522BF8
INT 0xB2  ?                                                                                                                  88D0FF00
INT 0xB2  ?                                                                                                                  88D0FF00
INT 0xB2  ?                                                                                                                  87522BF8

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetEvent + 215                                                                                      842F9998 4 Bytes  [EE, 0B, 82, 90]
.text    ntkrnlpa.exe!KeSetEvent + 56D                                                                                      842F9CF0 4 Bytes  [F3, 0B, 82, 90]
.text    ntkrnlpa.exe!KeSetEvent + 621                                                                                      842F9DA4 4 Bytes  [8F, 0B, 82, 90]
?        System32\Drivers\spdv.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text    C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x90002320, 0x3F54F7, 0xE8000020]
.text    USBPORT.SYS!DllUnload                                                                                              8FE3341B 5 Bytes  JMP 88D0F4E0
.text    a4zkqmvz.SYS                                                                                                        8C3C5000 22 Bytes  [82, 13, 22, 84, 6C, 12, 22, ...]
.text    a4zkqmvz.SYS                                                                                                        8C3C5017 137 Bytes  [00, 32, 07, 79, 80, 3D, 05, ...]
.text    a4zkqmvz.SYS                                                                                                        8C3C50A1 43 Bytes  [60, 2F, 84, 74, 56, 29, 84, ...]
.text    a4zkqmvz.SYS                                                                                                        8C3C50CE 10 Bytes  [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text    a4zkqmvz.SYS                                                                                                        8C3C50DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text    ...                                                                                                               
.vmp2    C:\Windows\system32\drivers\acedrv11.sys                                                                            entry point in ".vmp2" section [0x83CFD69D]
?        C:\Users\MSIMOB~1\AppData\Local\Temp\aswMBR.sys                                                                    Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text    D:\Tobit Radio.fx\Server\rfx-server.exe[2700] kernel32.dll!SetUnhandledExceptionFilter                              7598A8C5 5 Bytes  JMP 00641870 D:\Tobit Radio.fx\Server\rfx-server.exe
.text    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2936] kernel32.dll!SetUnhandledExceptionFilter              7598A8C5 5 Bytes  JMP 5D625465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2936] ole32.dll!OleLoadFromStream                            75FB1E80 5 Bytes  JMP 5D94B771 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!SetScrollRange                                              7567D185 5 Bytes  JMP 1006DE70 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!DefWindowProcA                                              7567DB88 7 Bytes  JMP 10036120 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetSysColorBrush                                            7567E21C 5 Bytes  JMP 100604D0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetScrollInfo                                                7567F073 7 Bytes  JMP 1006DD40 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!ShowScrollBar                                                7567F8AE 5 Bytes  JMP 1006DEC0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!SetScrollInfo                                                756871D8 7 Bytes  JMP 1006DDF0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetSysColor                                                  75689BF6 5 Bytes  JMP 10060490 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!DrawFrameControl                                            7569676D 7 Bytes  JMP 1005E040 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!EnableScrollBar                                              7569AF53 7 Bytes  JMP 1006DD00 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!EndDialog                                                    756A326E 5 Bytes  JMP 10036100 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetScrollPos                                                756A337D 5 Bytes  JMP 1006DD80 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!GetScrollRange                                              756A34A5 5 Bytes  JMP 1006DDB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-tray.exe[3672] USER32.dll!SetScrollPos                                                756A3602 5 Bytes  JMP 1006DE30 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!SetWindowLongA                                  7567E7CD 5 Bytes  JMP 62AFE349 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text    D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!SetWindowLongW                                  756813B4 5 Bytes  JMP 62AFE2DB D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text    D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!GetWindowInfo                                    7568428E 5 Bytes  JMP 628B89A7 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text    D:\Programme\Mozilla Firefox\plugin-container.exe[4268] USER32.dll!TrackPopupMenu                                  756914F3 5 Bytes  JMP 628B8F65 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text    D:\Programme\Mozilla Firefox\firefox.exe[4276] ntdll.dll!LdrLoadDll                                                76EE93A8 5 Bytes  JMP 6273FAE0 D:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] kernel32.dll!SetUnhandledExceptionFilter                              7598A8C5 5 Bytes  JMP 100ACD60 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!SetScrollRange                                            7567D185 5 Bytes  JMP 1006DE70 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!DefWindowProcA                                            7567DB88 7 Bytes  JMP 10036120 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetSysColorBrush                                          7567E21C 5 Bytes  JMP 100604D0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetScrollInfo                                              7567F073 7 Bytes  JMP 1006DD40 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!ShowScrollBar                                              7567F8AE 5 Bytes  JMP 1006DEC0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!SetScrollInfo                                              756871D8 7 Bytes  JMP 1006DDF0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetSysColor                                                75689BF6 5 Bytes  JMP 10060490 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!DrawFrameControl                                          7569676D 7 Bytes  JMP 1005E040 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!EnableScrollBar                                            7569AF53 7 Bytes  JMP 1006DD00 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!EndDialog                                                  756A326E 5 Bytes  JMP 10036100 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetScrollPos                                              756A337D 5 Bytes  JMP 1006DD80 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!GetScrollRange                                            756A34A5 5 Bytes  JMP 1006DDB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text    D:\Tobit Radio.fx\Client\rfx-client.exe[5484] USER32.dll!SetScrollPos                                              756A3602 5 Bytes  JMP 1006DE30 D:\Tobit Radio.fx\Client\TOBITCLT.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                          [806946D6] \SystemRoot\System32\Drivers\spdv.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80694042] \SystemRoot\System32\Drivers\spdv.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [80694800] \SystemRoot\System32\Drivers\spdv.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                          [806940C0] \SystemRoot\System32\Drivers\spdv.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                    [8069413E] \SystemRoot\System32\Drivers\spdv.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [806A3B90] \SystemRoot\System32\Drivers\spdv.sys
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortNotification]                                          CC358B04
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortWritePortUchar]                                        838C3EBF
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortWritePortUlong]                                        458B38C6
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    A5A5A514
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                        [100D8BA5] \Programme\Daemon Tools\DAEMON Tools Lite\Engine.dll
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  5F8C3E90
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReadPortUchar]                                        30810889
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortStallExecution]                                        54771129
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetParentBusType]                                      10C25D5E
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortRequestCallback]                                      8B55CC00
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                084D8BEC
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  0CF0918B
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortCompleteRequest]                                      458B0000
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortMoveMemory]                                            8B108910
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                            000CF491
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                04508900
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  053C7980
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReadPortUshort]                                        560C558B
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  C6127557
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortInitialize]                                            B18D0502
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortGetDeviceBase]                                        00000CF8
IAT      \SystemRoot\System32\Drivers\a4zkqmvz.SYS[ataport.SYS!AtaPortDeviceStateChange]                                    A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [73A17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [73A6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [73A1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [73A0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [73A175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [73A0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [73A48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [73A1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [73A0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [73A0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [73A071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [73A9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [73A3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [73A0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [73A06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [73A0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [73A12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              875251F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                86B911F8
Device    \Driver\PCI_PNP6065 \Device\00000050                                                                                spdv.sys
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    88CD2500
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    88CBD1F8
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                    88CD2500
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                              86B911F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                    88CBD1F8
Device    \Driver\cdrom \Device\CdRom0                                                                                        88E321F8
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                              86B911F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{AE49E988-18DE-464E-B24C-F2111873A485}                                            8A3101F8
Device    \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8C2B3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                      [8C2B3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                      [8C2B3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\cdrom \Device\CdRom1                                                                                        88E321F8
Device    \Driver\sptd \Device\319586075                                                                                      spdv.sys
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                            8A3101F8
Device    \Driver\Smb \Device\NetbiosSmb                                                                                      8A2C91F8
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                  88F161F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    88CD2500
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    88CBD1F8
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    88CD2500
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                    88CD2500
Device    \Driver\netbt \Device\NetBT_Tcpip_{42D05106-6CA9-499D-9DBC-0658FD350B0D}                                            8A3101F8
Device    \Driver\usbehci \Device\USBFDO-7                                                                                    88CBD1F8
Device    \Driver\a4zkqmvz \Device\Scsi\a4zkqmvz1Port2Path0Target0Lun0                                                        88E1C1F8
Device    \Driver\a4zkqmvz \Device\Scsi\a4zkqmvz1                                                                            88E1C1F8
Device    \FileSystem\cdfs \Cdfs                                                                                              8B1861F8

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                D:\Programme\Daemon Tools\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x0D 0x5D 0x81 0xA6 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xF8 0x8A 0xB1 0x4B ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xEA 0xA2 0x33 0xDA ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    D:\Programme\Daemon Tools\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x0D 0x5D 0x81 0xA6 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xF8 0x8A 0xB1 0x4B ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xEA 0xA2 0x33 0xDA ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart B110 series@ChangeID                17480598

---- EOF - GMER 1.0.15 ----

--- --- ---

Sarah1109199 20.11.2011 19:57

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:08:31 on 20.11.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job" - "Facebook Inc." - C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job" - "Facebook Inc." - C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a4zkqmvz" (a4zkqmvz) - "Microsoft Corporation" - C:\Windows\system32\drivers\a4zkqmvz.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\MSIMOB~1\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"MFP Server Detector" (WUSBVBus) - ? - C:\Windows\System32\DRIVERS\mfpvbus.sys  (File not found)
"MFP Server Enhanced Controller" (ALIWEHCD) - ? - C:\Windows\System32\Drivers\mfpec.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Steganos Live Encryption Engine 16 [Driver]" (SLEE_16_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen16.sys
"uwliiuob" (uwliiuob) - ? - C:\Users\MSIMOB~1\AppData\Local\Temp\uwliiuob.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll  (File not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\i tunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update" - "Facebook Inc." - "C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"rfxsrvtray" - "Tobit.Software" - "D:\Tobit Radio.fx\Client\rfx-tray.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "D:\Programme\i tunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "Mirco-Star International  CO., LTD." - C:\Program Files\System Control Manager\MGSysCtrl.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Ulead AutoDetector v2" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON Stylus SX400 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBEGE.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Micro Star SCM" (Micro Star SCM) - ? - C:\Program Files\System Control Manager\MSIService.exe  (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Radio.fx Server" (Radio.fx) - ? - D:\Tobit Radio.fx\Server\rfx-server.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WTGService" (WTGService) - ? - D:\Programme\Verbindungsassi Aldi\wtgservice.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Sarah1109199 20.11.2011 19:57

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 16:30:44
-----------------------------
16:30:44.883 OS Version: Windows 6.0.6002 Service Pack 2
16:30:44.884 Number of processors: 2 586 0xF0D
16:30:44.886 ComputerName: MSIMOBILE-PC UserName: MSI Mobile
16:30:45.634 Initialize success
16:47:27.777 AVAST engine defs: 11112000
16:52:09.705 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:52:09.713 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
16:52:11.940 Disk 0 MBR read successfully
16:52:11.953 Disk 0 MBR scan
16:52:12.037 Disk 0 Windows VISTA default MBR code
16:52:12.075 Disk 0 scanning sectors +625139712
16:52:12.418 Disk 0 scanning C:\Windows\system32\drivers
16:53:29.109 Service scanning
16:53:30.358 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:53:30.998 Modules scanning
16:55:28.527 Disk 0 trace - called modules:
16:55:28.607 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdv.sys hal.dll >>UNKNOWN [0x874db938]<<
16:55:28.619 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x880f30d8]
16:55:29.002 3 CLASSPNP.SYS[8c9ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8756e028]
16:55:29.478 AVAST engine scan C:\Windows
16:56:19.383 AVAST engine scan C:\Windows\system32
17:05:10.203 AVAST engine scan C:\Windows\system32\drivers
17:05:26.550 AVAST engine scan C:\Users\MSI Mobile
17:23:15.636 AVAST engine scan C:\ProgramData
17:27:26.282 Scan finished successfully
17:27:56.752 Disk 0 MBR has been saved successfully to "C:\Users\MSI Mobile\Desktop\MBR.dat"
17:27:56.769 The log file has been saved successfully to "C:\Users\MSI Mobile\Desktop\aswMBR.txt"

cosinus 21.11.2011 10:13

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Sarah1109199 23.11.2011 21:10

So here are the Malwarebytes log files for now; it looks good, no infected files were found. Thanks a lot already!
I can't try the rest until Friday; the internet connection is poor where I am.

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8226

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

23.11.2011 20:40:52
mbam-log-2011-11-23 (20-40-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 328068
Laufzeit: 1 Stunde(n), 5 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Best regards, Sarah

Sarah1109199 25.11.2011 22:18

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/25/2011 at 10:13 PM

Application Version : 5.0.1136

Core Rules Database Version : 7987
Trace Rules Database Version: 5799

Scan type : Quick Scan
Total Scan Time : 00:06:25

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 740
Memory threats detected : 0
Registry items scanned : 30279
Registry threats detected : 0
File items scanned : 7275
File threats detected : 382

Adware.Tracking Cookie
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserver.gb5.motorpresse.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.pumaonlinestorede.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
s4.trafficmaxx.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.snapfish.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
counter.search.bg [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.aok.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.track.webgains.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.gostats.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexshop-dildo-king.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexshop-dildo-king.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmloumdpoep.stats.esomniture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.druckdiscount24.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.druckdiscount24.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.deutschepostag.112.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexgeschichten.tv [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexgeschichten.tv [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexvideos01.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.sexvideos01.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserv.chirurgie-portal.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
NETTO Reifen-Räder-Discount - billig, schnell, kompetent [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.reifendiscount.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
NETTO Reifen-Räder-Discount - billig, schnell, kompetent [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.frontlinegmbh.122.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.BurstMedia [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.en.profilbanner.me [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.en.profilbanner.me [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
TLDAdserv.com - Ihr Partner für seriöse Auszahlungen [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.kursfinder.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.kursfinder.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Finden Sie auf kursfinder.de die passende Weiterbildung! [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
studivz.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
studivz.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
s1.trafficmaxx.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.elitepartner.ch [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.elitepartner.ch [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.elitepartner.ch [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]

cosinus 26.11.2011 13:49

Quote:

Scan type : Quick Scan
I specifically wrote FULL SCANS, with SASW too!

Sarah1109199 29.11.2011 21:43

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/29/2011 at 06:28 PM

Application Version : 5.0.1136

Core Rules Database Version : 7996
Trace Rules Database Version: 5808

Scan type : Complete Scan
Total Scan Time : 00:43:32

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 723
Memory threats detected : 0
Registry items scanned : 38194
Registry threats detected : 0
File items scanned : 40926
File threats detected : 12

Adware.Tracking Cookie
delivery.ibanner.de [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CYNNBZH5 ]
Google [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MSI MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTJOTPBD.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-SoftonicDownloader
C:\USERS\MSI MOBILE\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE

cosinus 30.11.2011 12:00

OK. Softonic junk and cookies. Remove everything.
Is ESET still coming?

Sarah1109199 03.12.2011 14:10

Sorry, it unfortunately took a while... so here is ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-14 11:30:46
# local_time=2011-11-15 12:30:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15651540 15651540 0 0
# compatibility_mode=1797 16775165 100 94 1491796 57847177 1506964 0
# compatibility_mode=5892 16776574 100 100 23279031 158843084 0 0
# compatibility_mode=8192 67108863 100 0 3909 3909 0 0
# scanned=24453
# found=0
# cleaned=0
# scan_time=3090
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 10:16:07
# local_time=2011-11-15 11:16:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15725181 15725181 0 0
# compatibility_mode=1797 16775165 100 94 3910 57920818 0 0
# compatibility_mode=5892 16776574 100 100 23352672 158916725 0 0
# compatibility_mode=8192 67108863 100 0 77550 77550 0 0
# scanned=169535
# found=3
# cleaned=0
# scan_time=11372
C:\Users\MSI Mobile\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_avira-antivir.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_nero-lite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-03 12:47:09
# local_time=2011-12-03 01:47:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 17246480 17246480 0 0
# compatibility_mode=1797 16775165 100 94 1284505 59442117 1109286 0
# compatibility_mode=5892 16776574 100 100 24873971 160438024 0 0
# compatibility_mode=8192 67108863 100 0 1598849 1598849 0 0
# scanned=174782
# found=3
# cleaned=0
# scan_time=11133
C:\$RECYCLE.BIN\S-1-5-21-3700083461-3758754058-1150892198-1000\$RKBLFWF.exe Win32/InstallCore application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\AppData\Local\temp\ICReinstall_PDFCreatorSetup.exe Win32/InstallCore application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_nero-lite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

cosinus 03.12.2011 14:51

You can disregard these findings. Maybe empty the Recycle Bin.
Is the computer otherwise back in order?

Sarah1109199 10.12.2011 14:10

Yes, I don't notice anything anymore, everything should be OK again! Thank you very much!
Best regards, Sarah

cosinus 12.12.2011 09:45

Then we're done! :abklatsch:

The programs that were used here can all be uninstalled again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in the future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and let it install all important updates.
Windows Vista/7: Guide to Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.


Flash Player
While you're at it, please also check that Flash Player is up to date => Adobe - Install a different version of Adobe Flash Player
(Alternatively at Chip => http://filepony.de/?q=Flash+Player)

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1.
