Trojaner-Board

Elektritze 31.08.2012 13:51

Locked System_Bundespolizei Trojan_Win7 32bit
 
Hello, and first of all a big compliment for this excellent forum and its tireless helpers!!!

I have a computer here that has caught this encryption trojan.
It is apparently version 1.14, as I saw on another website.

The symptoms are the locked screen and the conversion of the file names into some meaningless letter combinations without a file extension!

I have already followed the "initial instructions":

- Ran Defogger
- Scan with OTL
- Scan with Gmer
- Scan with Malwarebytes (wrong order...? :o)

The problem was that at first I could only get into the system via safe mode, so I have already located the malicious file and removed its entry from the system startup menu.

It was in a folder "Uurlrr" in C:\Users\Anwender\AppData\Roaming.
In addition, there was a shortcut in the system startup to C:\Users\Anwender\AppData\Roaming\logons.exe, which I also deactivated for now; it seemed somehow suspicious to me...

I hope that was not jumping ahead against your instructions; I have not deleted anything, after all.
In any case, the lock was then deactivated for the time being and I could get into the system normally again!

I then ran a full scan with Malwarebytes, since I was not sure whether something had perhaps also settled in on D:...
The program then also identified the file I had removed from the system startup!
I then had Malwarebytes remove it (after creating the log file!)

What about external drives that were connected beforehand, should they also be "treated" somehow?

Here are the log files:

Code:

OTL logfile created on: 31.08.2012 07:36:08 - Run 2
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Anwender\Desktop\Virus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,98% Memory free
5,95 Gb Paging File | 5,47 Gb Available in Paging File | 91,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 198,71 Gb Free Space | 85,36% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 230,41 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive F: | 121,64 Mb Total Space | 121,07 Mb Free Space | 99,53% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 01:09:04 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Desktop\Virus\OTL.exe
PRC - [2012.08.02 13:09:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.02 13:09:06 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.15 12:38:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.02 13:09:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.07 17:13:37 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2012.05.21 12:17:52 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.10 15:42:32 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.04.10 15:42:28 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.07 01:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.02.23 11:01:28 | 000,329,168 | ---- | M] () [Auto | Stopped] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - [2012.07.07 09:24:01 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 15:06:36 | 000,091,760 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.21 18:46:20 | 000,315,368 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2012.02.21 18:46:18 | 000,102,888 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2012.01.06 10:44:30 | 000,043,104 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\asahci32.sys -- (asahci32)
DRV - [2011.12.06 04:22:02 | 000,280,576 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011.11.10 00:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.11.22 10:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Programme\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.08.07 11:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.11 14:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2006.11.02 08:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb134/?search={searchTerms}&loc=search_box&a=6OyHcmxOed
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com/mb134?a=6OyHcmxOed"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 13:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 13:09:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.07 09:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2012.07.12 11:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\sbo2ndgd.default\extensions
[2012.07.07 10:15:23 | 000,002,195 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\MyStart Search.xml
[2012.07.12 11:48:00 | 000,003,998 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\sweetim.xml
[2012.07.07 09:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.02 13:09:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - Extension: YouTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PDF Genie 5.0) - {BDA33FF0-AD30-4335-9082-D5967EADB37D} - C:\Programme\DATA BECKER\PDF Genie 5.0\iexp32.dll (DATA BECKER)
O4 - HKLM..\Run: [Arcor Online]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKCU..\Run: [4E5B272F] C:\Users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe ()
O4 - HKCU..\Run: [Arcor Online]  File not found
O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [logons] C:\Users\Anwender\AppData\Roaming\logons.exe (saw Question)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AC05CDA-1B05-42BC-86D9-D8E216D494D5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A9D0F3-44EA-4615-9336-C7BB35AE0CF3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bcb57192-c5ac-11e1-8ef7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb57192-c5ac-11e1-8ef7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O33 - MountPoints2\{dd5d448c-c5ae-11e1-8c72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd5d448c-c5ae-11e1-8c72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{ff840267-c803-11e1-8b49-bc5ff400bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff840267-c803-11e1-8b49-bc5ff400bd6c}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 07:20:02 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Virus
[2012.08.31 07:14:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.08.30 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012.08.30 21:40:24 | 000,000,000 | ---D | C] -- C:\Windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
[2012.08.29 22:27:06 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.08.29 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Zrrlshn
[2012.08.23 09:00:58 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Corel User Files
[2012.08.11 12:27:07 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Neuer Ordner
[2012.08.05 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.08.05 13:02:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.08.05 13:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.08.05 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.07.07 09:11:31 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Anwender\AppData\Local\cmdial32.dll
[2009.07.14 01:11:09 | 000,147,456 | ---- | C] (saw Question) -- C:\Users\Anwender\AppData\Roaming\logons.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 07:27:21 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2012.08.31 07:18:46 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.31 07:18:46 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.31 07:18:46 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.31 07:18:46 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.31 07:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 07:14:24 | 316,288,050 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.31 07:14:23 | 2398,355,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 06:43:02 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 06:43:02 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 06:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 08:17:49 | 000,442,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.29 22:56:19 | 000,002,679 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.08.29 22:56:19 | 000,002,649 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.29 16:19:54 | 000,006,656 | ---- | M] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.29 16:15:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
[2012.08.29 13:15:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
[2012.08.26 19:36:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\VfVtUoEnnoALfdnsAq
[2012.08.20 19:42:22 | 000,052,736 | ---- | M] () -- C:\Users\Anwender\Documents\NsNavsQgNaOJugrTDNTJs
[2012.08.20 17:30:42 | 000,031,445 | ---- | M] () -- C:\Users\Anwender\Documents\dqUGVdofndxLqjfEAs
[2012.08.17 20:54:41 | 000,002,667 | ---- | M] () -- C:\Users\Anwender\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.11 23:32:33 | 000,049,756 | ---- | M] () -- C:\Users\Anwender\Documents\gOgvNOgTQpNTXpQuNsOX
[2012.08.10 12:43:00 | 000,107,930 | ---- | M] () -- C:\Users\Anwender\Documents\NDNXOJQQNlXslrOapXll
[2012.08.05 13:02:16 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.08.02 16:13:26 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
 
========== Files Created - No Company Name ==========
 
[2012.08.31 07:27:21 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2012.08.31 07:14:24 | 316,288,050 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.29 22:56:19 | 000,002,679 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.08.29 22:56:19 | 000,002,649 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.17 20:54:41 | 000,002,667 | ---- | C] () -- C:\Users\Anwender\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.17 16:09:53 | 000,006,656 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.05 13:02:16 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.07.23 22:27:59 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.12 11:48:33 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.07.08 17:47:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.07 12:23:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.07.07 12:23:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.07.07 12:23:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.07.07 12:23:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.07.07 12:23:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.07.07 12:23:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.07.07 12:23:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.07.07 12:23:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.07.07 12:23:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.07.07 12:23:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.07.07 12:23:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.07.07 12:23:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.07.07 12:23:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.07.07 12:23:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.07.07 12:23:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.07.07 12:23:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.07.07 12:23:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.07.07 12:23:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.07.07 12:23:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.07.04 10:02:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.07.04 09:58:15 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.07.04 09:58:14 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2012.05.21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.05.21 10:47:36 | 013,214,720 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.05.21 10:39:58 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.05.21 10:38:44 | 000,000,255 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.03.19 23:26:06 | 000,963,912 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.03.19 23:26:06 | 000,261,208 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.03.07 01:40:26 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
 
========== LOP Check ==========
 
[2012.07.12 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Canneverbe Limited
[2012.07.07 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Epson
[2012.08.05 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.07.07 17:17:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ProtectDisc
[2012.08.29 22:27:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.07.07 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Verbindungsassistent
[2012.08.14 22:44:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 31.08.2012 07:28:30 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Anwender\Desktop\Virus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,79% Memory free
5,95 Gb Paging File | 5,50 Gb Available in Paging File | 92,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 198,72 Gb Free Space | 85,37% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 230,41 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive F: | 121,64 Mb Total Space | 121,07 Mb Free Space | 99,53% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27430247-2E29-4C81-A428-7FEAE2A59193}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{301C56C5-C851-4607-972C-0EB0C630326B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4258266B-5F84-4608-8B0C-1148803732B4}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{4F3CBA09-C74A-4EF8-98B7-2BB20CBCD935}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9D459106-F40F-4414-BBD3-7E3DF79232AD}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A6DC482E-ACD2-4163-95A4-D3A54810ED3C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A90592C1-2CCC-4303-B1DA-957158122D5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CA9F4287-A8EE-4A5A-ADDA-ACD1E6A7BD06}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{745DDE4E-8061-4E07-9201-2C21683F9287}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{DBFDC888-114D-44A8-8C9E-559C9E305DD6}C:\users\anwender\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\anwender\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{C202D7EB-EB68-4485-9D60-3EF56BFB2140}C:\users\anwender\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\anwender\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{EB452385-6BF4-4490-AB8D-BD6C6D7AC9D1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{70B6AFF1-40D1-486E-B846-26F88AFC78C2}" = Intel® Trusted Connect Service Client
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = PDF Genie 5.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"exent_642550" = Jewel Quest 3
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.03.00
"IncrediMail" = IncrediMail 2.0
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Genie 5.0_is1" = DATA BECKER PDF Genie 5.0
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Verbindungsassistent" = Verbindungsassistent
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2012 10:03:25 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11305
Description =
 
Error - 02.08.2012 10:06:50 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11305
Description =
 
Error - 02.08.2012 10:14:28 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 10.0.2616.0,
 Zeitstempel: 0x3a8f0315  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000008  ID des fehlerhaften
 Prozesses: 0x3f8  Startzeit der fehlerhaften Anwendung: 0x01cd70b920264047  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 5e535576-dcac-11e1-9fb8-bc5ff400bd6c
 
Error - 02.08.2012 16:24:35 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 10.0.2616.0,
 Zeitstempel: 0x3a8f0315  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000008  ID des fehlerhaften
 Prozesses: 0xb30  Startzeit der fehlerhaften Anwendung: 0x01cd70ecd4aa57a6  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 131a135d-dce0-11e1-be25-bc5ff400bd6c
 
Error - 05.08.2012 13:13:47 | Computer Name = ***-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 10.08.2012 06:45:26 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Professional\Connection.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.08.2012 06:45:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Professional\Connection.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.08.2012 05:46:30 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Volume\Professional\Connection.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.08.2012 10:29:42 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IncMail.exe, Version: 6.3.2.5194,
 Zeitstempel: 0x4f82d06b  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c380b  ID des fehlerhaften
 Prozesses: 0xa5c  Startzeit der fehlerhaften Anwendung: 0x01cd85f068c3fd26  Pfad der
 fehlerhaften Anwendung: C:\Program Files\IncrediMail\Bin\IncMail.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f8a17c06-f1e5-11e1-9b9c-bc5ff400bd6c
 
Error - 30.08.2012 15:31:38 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =
 
[ Media Center Events ]
Error - 23.08.2012 12:33:22 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:33:22 - Fehler beim Herstellen der Internetverbindung.  18:33:22
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 23.08.2012 12:33:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:33:51 - Fehler beim Herstellen der Internetverbindung.  18:33:51
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 26.08.2012 11:51:16 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:51:16 - Fehler beim Herstellen der Internetverbindung.  17:51:16
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 26.08.2012 11:51:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:51:45 - Fehler beim Herstellen der Internetverbindung.  17:51:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.08.2012 10:48:00 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:48:00 - Fehler beim Herstellen der Internetverbindung.  16:48:00
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.08.2012 10:48:32 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:48:29 - Fehler beim Herstellen der Internetverbindung.  16:48:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.08.2012 09:52:57 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung.  15:52:57
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.08.2012 09:53:28 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:53:26 - Fehler beim Herstellen der Internetverbindung.  15:53:26
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.08.2012 11:17:14 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:17:13 - Fehler beim Herstellen der Internetverbindung.  17:17:13
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.08.2012 15:24:25 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:24:25 - Fehler beim Herstellen der Internetverbindung.  21:24:25
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 30.08.2012 22:50:09 | Computer Name = ***-PC | Source = Microsoft-Windows-DriverFrameworks-UserMode | ID = 10101
Description = Das Treiberpaket konnte nicht installiert werden. Der letzte Status
 war "1115".
 
Error - 31.08.2012 01:14:31 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?08.?2012 um 07:13:14 unerwartet heruntergefahren.
 
Error - 31.08.2012 01:14:31 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 31.08.2012 01:14:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AsrAppCharger  avipbb  avkmgr  discache  spldr  ssmdrv  Wanarpv6
 
Error - 31.08.2012 01:14:46 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 31.08.2012 01:14:52 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 31.08.2012 01:14:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 31.08.2012 01:14:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 31.08.2012 01:14:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 31.08.2012 01:14:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-31 08:03:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45
Running: wtjrriwg.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\pwlcruob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwRollbackEnlistment + 1409  82484989 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2    824A44E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          autochk.exe                              007111D2 1 Byte  [6C]
.text          autochk.exe                              007111D2 3 Bytes  [6C, 00, 6C]
.text          autochk.exe                              007111D6 1 Byte  [2C]
.text          autochk.exe                              007111D6 3 Bytes  [2C, 00, 2D]
.text          autochk.exe                              007111DA 1 Byte  [35]
.text          ...                                     

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

31.08.2012 17:03:25
mbam-log-2012-08-31 (18-18-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291220
Laufzeit: 1 Stunde(n), 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe (Trojan.Inject) -> Keine Aktion durchgeführt.

(Ende)

Now I'm waiting for further instructions and will say in advance: "Thank you very much"!

Regards, Susanne :)

cosinus 01.09.2012 13:15

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before at some point in the past?
If so, all the logs for each scan are also listed in the "Logdateien" (Logs) tab. Please post all the ones that are visible there.


And yes, if possible all external drives should also be examined with Malwarebytes etc.

Elektritze 01.09.2012 17:23

These are now all the logs that were present in the "Logdateien" (Logs) tab...
The second one was probably created because I saved the log first and only then had Malwarebytes remove the file...?

I had installed the program only shortly beforehand; whether it was ever used in the past can unfortunately no longer be determined, because this is not my computer!

Or how was your question meant...?

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

31.08.2012 17:03:25
mbam-log-2012-08-31 (18-18-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291220
Laufzeit: 1 Stunde(n), 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe (Trojan.Inject) -> Keine Aktion durchgeführt.

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

31.08.2012 17:03:25
mbam-log-2012-08-31 (17-03-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291220
Laufzeit: 1 Stunde(n), 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

2012/08/31 17:01:52 +0200        ***-PC        Anwender        MESSAGE        Starting protection
2012/08/31 17:01:54 +0200        ***-PC        Anwender        MESSAGE        Protection started successfully
2012/08/31 17:01:57 +0200        ***-PC        Anwender        MESSAGE        Starting IP protection
2012/08/31 17:01:58 +0200        ***-PC        Anwender        MESSAGE        IP Protection started successfully
2012/08/31 17:02:02 +0200        ***-PC        Anwender        MESSAGE        Starting database refresh
2012/08/31 17:02:02 +0200        ***-PC        Anwender        MESSAGE        Stopping IP protection
2012/08/31 17:03:55 +0200        ***-PC        Anwender        MESSAGE        IP Protection stopped
2012/08/31 17:03:57 +0200        ***-PC        Anwender        MESSAGE        Database refreshed successfully
2012/08/31 17:03:57 +0200        ***-PC        Anwender        MESSAGE        Starting IP protection
2012/08/31 17:03:58 +0200        ***-PC        Anwender        MESSAGE        IP Protection started successfully
2012/08/31 18:21:43 +0200        ***-PC        Anwender        MESSAGE        Starting protection
2012/08/31 18:21:45 +0200        ***-PC        Anwender        MESSAGE        Protection started successfully
2012/08/31 18:21:48 +0200        ***-PC        Anwender        MESSAGE        Starting IP protection
2012/08/31 18:21:50 +0200        ***-PC        Anwender        MESSAGE        IP Protection started successfully
2012/08/31 18:28:00 +0200        ***-PC        Anwender        MESSAGE        Executing scheduled update:  Daily
2012/08/31 18:28:01 +0200        ***-PC        Anwender        MESSAGE        Database already up-to-date

The external drive is being scanned right now...
What does "etc." mean? Should I run OTL and GMER over it as well?

OK, the external drive has now been scanned with Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

01.09.2012 22:04:12
mbam-log-2012-09-01 (22-04-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326090
Laufzeit: 1 Stunde(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Apparently clean...?

cosinus 03.09.2012 14:07

Please run ESET as well, then we'll see where to go from there.

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    In the browser opened as administrator, open this link => ESET Online Scanner
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, I accept the Terms of Use.
  • Press the Start button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press Start.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the Windows key + R and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are running 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.


Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Elektritze 03.09.2012 17:40

So, here is the ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=02150197ee153b45b5271ba8a8ca2207
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-03 03:14:26
# local_time=2012-09-03 05:14:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5029107 5029107 0 0
# compatibility_mode=5893 16776574 100 94 5284472 98310092 0 0
# compatibility_mode=8192 67108863 100 0 194 194 0 0
# scanned=253507
# found=18
# cleaned=0
# scan_time=6365
C:\Users\Anwender\AppData\Local\Temp\{485C-15F77C-15FB7C}        Win32/Spy.Bebloh.H trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Anwender\AppData\Roaming\logons.exe        a variant of Win32/Kryptik.ALEN trojan (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene Dateien\Downloads\SoftonicDownloader_fuer_nero-burning-rom.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene Dateien 03.April 2012\Downloads\SoftonicDownloader_fuer_avira-antivir.exe        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene Dateien 2010 November\Downloads\registrybooster(2).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene Dateien 2010 November\Downloads\registrybooster(3).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene Dateien 2010 November\Downloads\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene Dateien20. 2.2012 nicht löschen\Downloads\SoftonicDownloader_fuer_avira-antivir.exe        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene DateienOktr 10\Downloads\registrybooster(2).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene DateienOktr 10\Downloads\registrybooster(3).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Alle Dateien bis 10. Februar 2012\Eigene DateienOktr 10\Downloads\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Eigene Dateien ab 20.06.2011\Downloads\registrybooster(2).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Eigene Dateien ab 20.06.2011\Downloads\registrybooster(3).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Eigene Dateien ab 20.06.2011\Downloads\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
G:\Eigene Dateien ab 20.06.2011\Eigene Dateien17.3.2012\Downloads\SoftonicDownloader_fuer_avira-antivir.exe        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I
G:\***-PC\Backup Set 2012-07-07 120752\Backup Files 2012-07-22 193018\Backup files 3.zip        a variant of Win32/SoftonicDownloader.D application (unable to clean)        00000000000000000000000000000000        I
G:\***-PC\Backup Set 2012-07-07 120752\Backup Files 2012-08-12 190000\Backup files 4.zip        a variant of Win32/SoftonicDownloader.D application (unable to clean)        00000000000000000000000000000000        I
G:\***-PC\Backup Set 2012-08-19 190001\Backup Files 2012-09-03 152555\Backup files 1.zip        a variant of Win32/Kryptik.ALEN trojan (unable to clean)        00000000000000000000000000000000        I

Doesn't look too good, I guess... :(

cosinus 03.09.2012 20:33

Hm, Softonic and Registrybooster!

Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Download software directly from the vendor as the top priority, and not from toolbar peddlers like Softonic! In an emergency, chip.de would of course do.

Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes absolutely no difference whether there are a few orphaned registry entries on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Elektritze 04.09.2012 07:52

Here is the log from adwcleaner:

Code:

# AdwCleaner v2.000 - Datei am 09/04/2012 um 08:43:25 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Anwender - ***-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Anwender\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\SweetIm.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\ImInstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKU\S-1-5-21-857302832-1272101758-2402345916-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKU\S-1-5-21-857302832-1272101758-2402345916-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gefunden : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredimail.com/mb134[...]
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10018&barid={A5BC[...]

-\\ Google Chrome v21.0.1180.83

Datei : C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2962 octets] - [04/09/2012 08:43:25]

########## EOF - C:\AdwCleaner[R1].txt - [3022 octets] ##########


cosinus 04.09.2012 15:26

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Elektritze 04.09.2012 16:01

Here you go!!!

Code:

# AdwCleaner v2.000 - Datei am 09/04/2012 um 16:34:32 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Anwender - ***-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Anwender\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\SweetIm.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\SweetIm

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C} --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredimail.com/mb134[...]
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10018&barid={A5BC[...]

-\\ Google Chrome v21.0.1180.83

Datei : C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3091 octets] - [04/09/2012 08:43:25]
AdwCleaner[S1].txt - [3227 octets] - [04/09/2012 16:34:32]

########## EOF - C:\AdwCleaner[S1].txt - [3287 octets] ##########


cosinus 04.09.2012 18:47

I have two questions before we continue

1.) Does Windows' normal mode work (again) without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

Elektritze 04.09.2012 19:53

1) Yes, as far as I can tell...
2) No empty folders, everything seems to be there.

What's interesting is that, for example, in the Adobe Reader Start menu folder the most recently opened PDFs are still listed with their original names, but you still can't open them (at their storage location they are encrypted, after all...)

I have another question as well:
I've read in other threads that a fix is often done after the OTL scan; wasn't that necessary here...?
Just out of interest!

cosinus 04.09.2012 20:01

Now, easy does it, guess what's coming next; I did say we'd continue after the two questions

And as for the encrypted files, all the pointers really are linked above! But first the system has to be clean!

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Elektritze 04.09.2012 20:05

Oops!!! Correction!!!

I just had the idea of taking a look in msconfig, and what do I see there: I had still been booting in safe mode the whole time, and, which is somehow odd, the two exes that should actually be in quarantine and that I had deactivated at the very beginning have quietly re-enabled themselves...

That is, eueplelblu.exe and logons.exe!

Is that normal?

And what is the best way for me to proceed now?

I don't even dare to try normal mode now...

Should I still follow your instructions in #12?

cosinus 04.09.2012 20:13

Yes! Now make the OTL log!

Elektritze 04.09.2012 20:19

OK, coming right up!!!

Thanks for your patience with me!

I'm about to lose it!!!
Just now I accidentally hit the icon of this stupid Incredimail, and then that notification came up saying that "My Start" is no longer the start page, blah blah...

I clicked it away and closed it straight away, but unfortunately, when I opened Firefox, My Start was set as the start page again!!!

Sorry if I'm being a nuisance with irrelevant info here, but maybe it's important...?

Here is the log:

Code:

OTL logfile created on: 04.09.2012 21:29:57 - Run 3
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\Anwender\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 76,82% Memory free
5,95 Gb Paging File | 4,87 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 198,02 Gb Free Space | 85,07% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 228,96 Gb Free Space | 98,32% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 21:25:00 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Desktop\OTL.exe
PRC - [2012.08.09 08:39:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.10 15:42:32 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.04.10 15:42:28 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.07 01:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\iCLS Client\HeciServer.exe
PRC - [2011.08.10 16:39:48 | 001,313,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.02.23 11:01:28 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.09.27 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.07.04 16:05:05 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.07.04 16:05:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.07.04 11:58:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.07.04 11:58:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.04 11:58:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.04 11:58:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.07.04 11:57:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.04 11:57:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.04 11:57:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.04 11:57:46 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.01.27 02:11:46 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008.12.03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.15 12:38:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.02 13:09:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.07 17:13:37 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.21 12:17:52 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.10 15:42:32 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.04.10 15:42:28 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.07 01:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.02.23 11:01:28 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - [2012.07.07 09:24:01 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 15:06:36 | 000,091,760 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.21 18:46:20 | 000,315,368 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2012.02.21 18:46:18 | 000,102,888 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2012.01.06 10:44:30 | 000,043,104 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\asahci32.sys -- (asahci32)
DRV - [2011.12.06 04:22:02 | 000,280,576 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011.11.10 00:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.11.22 10:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Programme\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.08.07 11:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.11 14:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006.11.02 08:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-857302832-1272101758-2402345916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKU\S-1-5-21-857302832-1272101758-2402345916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
IE - HKU\S-1-5-21-857302832-1272101758-2402345916-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-857302832-1272101758-2402345916-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com/mb135?a=6PQIEfbfVV"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 13:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 13:09:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.07 09:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2012.09.04 16:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\sbo2ndgd.default\extensions
[2012.07.07 09:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.02 13:09:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - Extension: YouTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Google Mail = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PDF Genie 5.0) - {BDA33FF0-AD30-4335-9082-D5967EADB37D} - C:\Programme\DATA BECKER\PDF Genie 5.0\iexp32.dll (DATA BECKER)
O4 - HKLM..\Run: [Arcor Online]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-857302832-1272101758-2402345916-1000..\Run: [Arcor Online]  File not found
O4 - HKU\S-1-5-21-857302832-1272101758-2402345916-1000..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-857302832-1272101758-2402345916-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AC05CDA-1B05-42BC-86D9-D8E216D494D5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A9D0F3-44EA-4615-9336-C7BB35AE0CF3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bcb57192-c5ac-11e1-8ef7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb57192-c5ac-11e1-8ef7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O33 - MountPoints2\{dd5d448c-c5ae-11e1-8c72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd5d448c-c5ae-11e1-8c72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{ff840267-c803-11e1-8b49-bc5ff400bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff840267-c803-11e1-8b49-bc5ff400bd6c}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 4E5B272F - hkey= - key= -  File not found
MsConfig - StartUpReg: logons - hkey= - key= - C:\Users\Anwender\AppData\Roaming\logons.exe (saw Question)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 21:24:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Anwender\Desktop\OTL.exe
[2012.09.03 15:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.03 15:23:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Anwender\Desktop\esetsmartinstaller_enu.exe
[2012.08.31 17:01:47 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Malwarebytes
[2012.08.31 17:01:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 17:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.31 17:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.31 08:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.08.31 08:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.31 07:20:02 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Virus
[2012.08.31 07:14:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.08.30 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012.08.30 21:40:24 | 000,000,000 | ---D | C] -- C:\Windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
[2012.08.29 22:27:06 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.08.29 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Zrrlshn
[2012.08.23 09:00:58 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Corel User Files
[2012.08.11 12:27:07 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Neuer Ordner
[2012.07.07 09:11:31 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Anwender\AppData\Local\cmdial32.dll
[2009.07.14 01:11:09 | 000,147,456 | ---- | C] (saw Question) -- C:\Users\Anwender\AppData\Roaming\logons.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 21:25:00 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Desktop\OTL.exe
[2012.09.04 21:15:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
[2012.09.04 20:39:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 20:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 16:44:15 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 16:44:15 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 16:41:12 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 16:41:12 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 16:41:12 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 16:41:12 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.04 16:36:50 | 2398,355,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 08:30:28 | 000,511,265 | ---- | M] () -- C:\Users\Anwender\Desktop\adwcleaner.exe
[2012.09.03 15:23:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Anwender\Desktop\esetsmartinstaller_enu.exe
[2012.08.31 17:01:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.31 08:35:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.31 08:35:49 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.08.31 07:27:21 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2012.08.31 07:14:24 | 316,288,050 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.30 08:17:49 | 000,442,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.29 22:56:19 | 000,002,679 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.08.29 22:56:19 | 000,002,649 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.29 16:19:54 | 000,006,656 | ---- | M] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.29 13:15:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
[2012.08.26 19:36:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\VfVtUoEnnoALfdnsAq
[2012.08.20 19:42:22 | 000,052,736 | ---- | M] () -- C:\Users\Anwender\Documents\NsNavsQgNaOJugrTDNTJs
[2012.08.20 17:30:42 | 000,031,445 | ---- | M] () -- C:\Users\Anwender\Documents\dqUGVdofndxLqjfEAs
[2012.08.17 20:54:41 | 000,002,667 | ---- | M] () -- C:\Users\Anwender\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.11 23:32:33 | 000,049,756 | ---- | M] () -- C:\Users\Anwender\Documents\gOgvNOgTQpNTXpQuNsOX
[2012.08.10 12:43:00 | 000,107,930 | ---- | M] () -- C:\Users\Anwender\Documents\NDNXOJQQNlXslrOapXll
 
========== Files Created - No Company Name ==========
 
[2012.09.04 08:30:28 | 000,511,265 | ---- | C] () -- C:\Users\Anwender\Desktop\adwcleaner.exe
[2012.08.31 17:01:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.31 08:35:49 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.08.31 07:27:21 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2012.08.31 07:14:24 | 316,288,050 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.29 22:56:19 | 000,002,679 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.08.29 22:56:19 | 000,002,649 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.17 20:54:41 | 000,002,667 | ---- | C] () -- C:\Users\Anwender\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.17 16:09:53 | 000,006,656 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.23 22:27:59 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.12 11:48:33 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.07.08 17:47:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.07 12:23:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.07.07 12:23:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.07.07 12:23:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.07.07 12:23:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.07.07 12:23:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.07.07 12:23:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.07.07 12:23:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.07.07 12:23:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.07.07 12:23:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.07.07 12:23:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.07.07 12:23:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.07.07 12:23:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.07.07 12:23:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.07.07 12:23:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.07.07 12:23:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.07.07 12:23:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.07.07 12:23:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.07.07 12:23:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.07.07 12:23:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.07.04 10:02:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.07.04 09:58:15 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.07.04 09:58:14 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2012.05.21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.05.21 10:47:36 | 013,214,720 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.05.21 10:39:58 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.05.21 10:38:44 | 000,000,255 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.03.19 23:26:06 | 000,963,912 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.03.19 23:26:06 | 000,261,208 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.03.07 01:40:26 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
 
========== LOP Check ==========
 
[2012.07.12 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Canneverbe Limited
[2012.07.07 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Epson
[2012.08.05 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.07.07 17:17:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ProtectDisc
[2012.08.31 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.07.07 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Verbindungsassistent
[2012.08.31 08:35:49 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012.08.14 22:44:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.07 19:16:54 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ABBYY
[2012.07.07 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Adobe
[2012.07.07 10:35:19 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Avira
[2012.07.12 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Canneverbe Limited
[2012.07.04 16:29:50 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Corel
[2012.07.07 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Epson
[2012.07.04 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Identities
[2012.07.04 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\InstallShield
[2012.07.04 10:05:03 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Intel Corporation
[2012.07.07 17:27:15 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Macromedia
[2012.08.31 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Media Center Programs
[2012.08.30 21:33:07 | 000,000,000 | --SD | M] -- C:\Users\Anwender\AppData\Roaming\Microsoft
[2012.07.07 09:47:19 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Mozilla
[2012.07.11 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Nero
[2012.08.05 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.07.07 17:17:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ProtectDisc
[2012.08.31 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.07.07 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Verbindungsassistent
 
< %APPDATA%\*.exe /s >
[2009.07.14 03:14:16 | 000,147,456 | ---- | M] (saw Question) -- C:\Users\Anwender\AppData\Roaming\logons.exe
[2012.07.04 16:29:01 | 000,010,134 | R--- | M] () -- C:\Users\Anwender\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
[2012.07.04 16:29:01 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Anwender\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
[2009.07.22 17:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2012.07.07 17:13:36 | 000,059,043 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2010.11.05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


cosinus 05.09.2012 08:59

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Elektritze 05.09.2012 22:19

Here is the TDSS log:

Code:

23:06:42.0220 0240  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:06:42.0283 0240  ============================================================
23:06:42.0283 0240  Current date / time: 2012/09/05 23:06:42.0283
23:06:42.0283 0240  SystemInfo:
23:06:42.0283 0240 
23:06:42.0283 0240  OS Version: 6.1.7601 ServicePack: 1.0
23:06:42.0283 0240  Product type: Workstation
23:06:42.0283 0240  ComputerName: ***-PC
23:06:42.0283 0240  UserName: Anwender
23:06:42.0283 0240  Windows directory: C:\Windows
23:06:42.0283 0240  System windows directory: C:\Windows
23:06:42.0283 0240  Processor architecture: Intel x86
23:06:42.0283 0240  Number of processors: 2
23:06:42.0283 0240  Page size: 0x1000
23:06:42.0283 0240  Boot type: Normal boot
23:06:42.0283 0240  ============================================================
23:06:43.0718 0240  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:06:43.0718 0240  ============================================================
23:06:43.0718 0240  \Device\Harddisk0\DR0:
23:06:43.0733 0240  MBR partitions:
23:06:43.0733 0240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:06:43.0733 0240  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D190800
23:06:43.0733 0240  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D1C3000, BlocksNum 0x1D1C2000
23:06:43.0733 0240  ============================================================
23:06:43.0765 0240  C: <-> \Device\Harddisk0\DR0\Partition2
23:06:43.0796 0240  D: <-> \Device\Harddisk0\DR0\Partition3
23:06:43.0796 0240  ============================================================
23:06:43.0796 0240  Initialize success
23:06:43.0796 0240  ============================================================
23:07:29.0785 2544  ============================================================
23:07:29.0785 2544  Scan started
23:07:29.0785 2544  Mode: Manual; SigCheck; TDLFS;
23:07:29.0785 2544  ============================================================
23:07:30.0253 2544  ================ Scan system memory ========================
23:07:30.0253 2544  System memory - ok
23:07:30.0253 2544  ================ Scan services =============================
23:07:30.0939 2544  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:07:31.0048 2544  1394ohci - ok
23:07:31.0126 2544  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Professional.9.0 C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
23:07:31.0157 2544  ABBYY.Licensing.FineReader.Professional.9.0 - ok
23:07:31.0189 2544  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
23:07:31.0438 2544  acedrv11 - ok
23:07:31.0454 2544  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:07:31.0469 2544  ACPI - ok
23:07:31.0485 2544  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
23:07:31.0547 2544  AcpiPmi - ok
23:07:31.0594 2544  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:07:31.0610 2544  AdobeARMservice - ok
23:07:31.0657 2544  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:07:31.0672 2544  AdobeFlashPlayerUpdateSvc - ok
23:07:31.0719 2544  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
23:07:31.0735 2544  adp94xx - ok
23:07:31.0750 2544  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
23:07:31.0766 2544  adpahci - ok
23:07:31.0766 2544  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
23:07:31.0781 2544  adpu320 - ok
23:07:31.0797 2544  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:07:31.0828 2544  AeLookupSvc - ok
23:07:31.0906 2544  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
23:07:31.0953 2544  AFD - ok
23:07:31.0984 2544  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:07:32.0000 2544  agp440 - ok
23:07:32.0031 2544  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
23:07:32.0047 2544  aic78xx - ok
23:07:32.0109 2544  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
23:07:32.0140 2544  ALG - ok
23:07:32.0156 2544  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:07:32.0171 2544  aliide - ok
23:07:32.0187 2544  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:07:32.0203 2544  amdagp - ok
23:07:32.0203 2544  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:07:32.0218 2544  amdide - ok
23:07:32.0249 2544  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
23:07:32.0281 2544  AmdK8 - ok
23:07:32.0296 2544  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:07:32.0327 2544  AmdPPM - ok
23:07:32.0359 2544  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
23:07:32.0374 2544  amdsata - ok
23:07:32.0374 2544  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:07:32.0405 2544  amdsbs - ok
23:07:32.0421 2544  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
23:07:32.0421 2544  amdxata - ok
23:07:32.0468 2544  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:07:32.0468 2544  AntiVirSchedulerService - ok
23:07:32.0499 2544  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:07:32.0515 2544  AntiVirService - ok
23:07:32.0515 2544  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
23:07:32.0608 2544  AppID - ok
23:07:32.0639 2544  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:07:32.0686 2544  AppIDSvc - ok
23:07:32.0717 2544  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
23:07:32.0733 2544  Appinfo - ok
23:07:32.0764 2544  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
23:07:32.0780 2544  arc - ok
23:07:32.0780 2544  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:07:32.0780 2544  arcsas - ok
23:07:32.0811 2544  [ 6C0B68F7CF64A3D4BC2D81F82BFBBB96 ] asahci32        C:\Windows\system32\DRIVERS\asahci32.sys
23:07:32.0827 2544  asahci32 - ok
23:07:32.0842 2544  [ 42DC01802E752E4A29702E4F9F095045 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
23:07:32.0873 2544  asmthub3 - ok
23:07:32.0905 2544  [ ED5A68031DABDF981A418A34B35A9CE6 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
23:07:32.0951 2544  asmtxhci - ok
23:07:32.0967 2544  [ 46658EE12F6924E832697581FDD0E659 ] AsrAppCharger  C:\Windows\system32\DRIVERS\AsrAppCharger.sys
23:07:32.0983 2544  AsrAppCharger - ok
23:07:33.0014 2544  AsrCDDrv - ok
23:07:33.0061 2544  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:07:33.0139 2544  AsyncMac - ok
23:07:33.0154 2544  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
23:07:33.0154 2544  atapi - ok
23:07:33.0185 2544  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:07:33.0232 2544  AudioEndpointBuilder - ok
23:07:33.0232 2544  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:07:33.0263 2544  Audiosrv - ok
23:07:33.0279 2544  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:07:33.0295 2544  avgntflt - ok
23:07:33.0310 2544  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:07:33.0310 2544  avipbb - ok
23:07:33.0326 2544  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:07:33.0326 2544  avkmgr - ok
23:07:33.0357 2544  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:07:33.0419 2544  AxInstSV - ok
23:07:33.0451 2544  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
23:07:33.0482 2544  b06bdrv - ok
23:07:33.0497 2544  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:07:33.0513 2544  b57nd60x - ok
23:07:33.0544 2544  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:07:33.0560 2544  BDESVC - ok
23:07:33.0591 2544  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:07:33.0607 2544  Beep - ok
23:07:33.0638 2544  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
23:07:33.0669 2544  BFE - ok
23:07:33.0700 2544  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
23:07:33.0731 2544  BITS - ok
23:07:33.0778 2544  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:07:33.0794 2544  blbdrive - ok
23:07:33.0809 2544  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:07:33.0856 2544  bowser - ok
23:07:33.0856 2544  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:07:33.0919 2544  BrFiltLo - ok
23:07:33.0934 2544  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:07:33.0950 2544  BrFiltUp - ok
23:07:33.0981 2544  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
23:07:34.0012 2544  Browser - ok
23:07:34.0028 2544  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
23:07:34.0059 2544  Brserid - ok
23:07:34.0075 2544  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:07:34.0090 2544  BrSerWdm - ok
23:07:34.0106 2544  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:07:34.0121 2544  BrUsbMdm - ok
23:07:34.0137 2544  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:07:34.0153 2544  BrUsbSer - ok
23:07:34.0168 2544  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:07:34.0199 2544  BTHMODEM - ok
23:07:34.0231 2544  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
23:07:34.0277 2544  bthserv - ok
23:07:34.0309 2544  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:07:34.0340 2544  cdfs - ok
23:07:34.0355 2544  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:07:34.0371 2544  cdrom - ok
23:07:34.0418 2544  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
23:07:34.0449 2544  CertPropSvc - ok
23:07:34.0465 2544  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:07:34.0480 2544  circlass - ok
23:07:34.0511 2544  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:07:34.0527 2544  CLFS - ok
23:07:34.0589 2544  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:07:34.0605 2544  clr_optimization_v2.0.50727_32 - ok
23:07:34.0730 2544  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:07:34.0792 2544  clr_optimization_v4.0.30319_32 - ok
23:07:34.0808 2544  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:07:34.0839 2544  CmBatt - ok
23:07:34.0855 2544  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:07:34.0855 2544  cmdide - ok
23:07:34.0901 2544  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
23:07:34.0917 2544  CNG - ok
23:07:34.0964 2544  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:07:34.0964 2544  Compbatt - ok
23:07:34.0995 2544  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:07:35.0026 2544  CompositeBus - ok
23:07:35.0042 2544  COMSysApp - ok
23:07:35.0104 2544  [ 7730B883EBB41A576E62E42692395ABA ] cphs            C:\Windows\system32\IntelCpHeciSvc.exe
23:07:35.0120 2544  cphs - ok
23:07:35.0135 2544  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
23:07:35.0135 2544  crcdisk - ok
23:07:35.0182 2544  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:07:35.0213 2544  CryptSvc - ok
23:07:35.0260 2544  [ 5A639B2B630B572FFE9B72448A8A514D ] DBService      C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
23:07:35.0276 2544  DBService - ok
23:07:35.0307 2544  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:07:35.0354 2544  DcomLaunch - ok
23:07:35.0385 2544  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
23:07:35.0416 2544  defragsvc - ok
23:07:35.0463 2544  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:07:35.0494 2544  DfsC - ok
23:07:35.0525 2544  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:07:35.0572 2544  Dhcp - ok
23:07:35.0603 2544  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:07:35.0650 2544  discache - ok
23:07:35.0666 2544  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:07:35.0666 2544  Disk - ok
23:07:35.0681 2544  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:07:35.0713 2544  Dnscache - ok
23:07:35.0744 2544  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:07:35.0775 2544  dot3svc - ok
23:07:35.0806 2544  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
23:07:35.0853 2544  DPS - ok
23:07:35.0884 2544  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:07:35.0915 2544  drmkaud - ok
23:07:35.0947 2544  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:07:35.0962 2544  DXGKrnl - ok
23:07:35.0978 2544  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
23:07:36.0025 2544  EapHost - ok
23:07:47.0335 2544  [ CD77FD9B0071D2F36B14CC23DDE1AAD0 ] SXDS10          C:\Program Files\Common Files\soft Xpansion\sxds10.exe
23:07:47.0335 2544  SXDS10 ( UnsignedFile.Multi.Generic ) - warning
23:07:47.0335 2544  SXDS10 - detected UnsignedFile.Multi.Generic (1)
23:07:47.0366 2544  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
23:07:47.0413 2544  SysMain - ok
23:07:47.0413 2544  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:07:47.0444 2544  TabletInputService - ok
23:07:47.0459 2544  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:07:47.0491 2544  TapiSrv - ok
23:07:47.0506 2544  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
23:07:47.0522 2544  TBS - ok
23:07:47.0553 2544  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:07:47.0600 2544  Tcpip - ok
23:07:47.0631 2544  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:07:47.0647 2544  TCPIP6 - ok
23:07:47.0678 2544  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:07:47.0725 2544  tcpipreg - ok
23:07:47.0740 2544  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:07:47.0771 2544  TDPIPE - ok
23:07:47.0787 2544  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:07:47.0818 2544  TDTCP - ok
23:07:47.0834 2544  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:07:47.0865 2544  tdx - ok
23:07:47.0896 2544  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:07:47.0896 2544  TermDD - ok
23:07:47.0927 2544  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
23:07:47.0959 2544  TermService - ok
23:07:47.0974 2544  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:07:48.0005 2544  Themes - ok
23:07:48.0005 2544  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
23:07:48.0021 2544  THREADORDER - ok
23:07:48.0052 2544  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:07:48.0083 2544  TrkWks - ok
23:07:48.0115 2544  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:07:48.0161 2544  TrustedInstaller - ok
23:07:48.0193 2544  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:07:48.0208 2544  tssecsrv - ok
23:07:48.0224 2544  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:07:48.0255 2544  TsUsbFlt - ok
23:07:48.0271 2544  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:07:48.0302 2544  tunnel - ok
23:07:48.0317 2544  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:07:48.0317 2544  uagp35 - ok
23:07:48.0349 2544  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:07:48.0380 2544  udfs - ok
23:07:48.0395 2544  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:07:48.0411 2544  UI0Detect - ok
23:07:48.0442 2544  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:07:48.0458 2544  uliagpkx - ok
23:07:48.0473 2544  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
23:07:48.0473 2544  umbus - ok
23:07:48.0489 2544  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:07:48.0505 2544  UmPass - ok
23:07:48.0551 2544  [ 3D9D81B434031EB92744AFB329D6E4F1 ] UNS            C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:07:48.0567 2544  UNS - ok
23:07:48.0583 2544  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:07:48.0645 2544  upnphost - ok
23:07:48.0661 2544  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
23:07:48.0692 2544  usbccgp - ok
23:07:48.0723 2544  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:07:48.0739 2544  usbcir - ok
23:07:48.0754 2544  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
23:07:48.0770 2544  usbehci - ok
23:07:48.0801 2544  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:07:48.0817 2544  usbhub - ok
23:07:48.0832 2544  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
23:07:48.0832 2544  usbohci - ok
23:07:48.0848 2544  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:07:48.0879 2544  usbprint - ok
23:07:48.0895 2544  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
23:07:48.0910 2544  usbscan - ok
23:07:48.0926 2544  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:07:48.0941 2544  USBSTOR - ok
23:07:48.0957 2544  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
23:07:48.0957 2544  usbuhci - ok
23:07:48.0973 2544  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
23:07:49.0004 2544  UxSms - ok
23:07:49.0004 2544  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:07:49.0019 2544  VaultSvc - ok
23:07:49.0035 2544  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:07:49.0051 2544  vdrvroot - ok
23:07:49.0066 2544  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
23:07:49.0113 2544  vds - ok
23:07:49.0113 2544  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:07:49.0144 2544  vga - ok
23:07:49.0160 2544  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:07:49.0191 2544  VgaSave - ok
23:07:49.0222 2544  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
23:07:49.0238 2544  vhdmp - ok
23:07:49.0253 2544  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:07:49.0269 2544  viaagp - ok
23:07:49.0269 2544  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
23:07:49.0300 2544  ViaC7 - ok
23:07:49.0316 2544  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:07:49.0316 2544  viaide - ok
23:07:49.0331 2544  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:07:49.0331 2544  volmgr - ok
23:07:49.0347 2544  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:07:49.0363 2544  volmgrx - ok
23:07:49.0378 2544  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:07:49.0378 2544  volsnap - ok
23:07:49.0409 2544  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
23:07:49.0425 2544  vsmraid - ok
23:07:49.0456 2544  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
23:07:49.0487 2544  VSS - ok
23:07:49.0487 2544  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:07:49.0519 2544  vwifibus - ok
23:07:49.0519 2544  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:07:49.0534 2544  vwififlt - ok
23:07:49.0565 2544  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
23:07:49.0597 2544  W32Time - ok
23:07:49.0628 2544  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:07:49.0659 2544  WacomPen - ok
23:07:49.0690 2544  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:07:49.0737 2544  WANARP - ok
23:07:49.0737 2544  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:07:49.0753 2544  Wanarpv6 - ok
23:07:49.0784 2544  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:07:49.0831 2544  wbengine - ok
23:07:49.0862 2544  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:07:49.0877 2544  WbioSrvc - ok
23:07:49.0909 2544  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:07:49.0924 2544  wcncsvc - ok
23:07:49.0940 2544  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:07:49.0955 2544  WcsPlugInService - ok
23:07:49.0971 2544  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:07:49.0987 2544  Wd - ok
23:07:50.0002 2544  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:07:50.0018 2544  Wdf01000 - ok
23:07:50.0033 2544  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:07:50.0049 2544  WdiServiceHost - ok
23:07:50.0065 2544  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:07:50.0065 2544  WdiSystemHost - ok
23:07:50.0096 2544  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
23:07:50.0127 2544  WebClient - ok
23:07:50.0143 2544  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:07:50.0174 2544  Wecsvc - ok
23:07:50.0205 2544  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:07:50.0221 2544  wercplsupport - ok
23:07:50.0252 2544  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:07:50.0283 2544  WerSvc - ok
23:07:50.0314 2544  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:07:50.0345 2544  WfpLwf - ok
23:07:50.0345 2544  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:07:50.0361 2544  WIMMount - ok
23:07:50.0392 2544  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
23:07:50.0423 2544  WinDefend - ok
23:07:50.0423 2544  WinHttpAutoProxySvc - ok
23:07:50.0455 2544  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:07:50.0486 2544  Winmgmt - ok
23:07:50.0517 2544  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
23:07:50.0595 2544  WinRM - ok
23:07:50.0642 2544  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:07:50.0673 2544  Wlansvc - ok
23:07:50.0689 2544  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
23:07:50.0704 2544  WmiAcpi - ok
23:07:50.0720 2544  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:07:50.0751 2544  wmiApSrv - ok
23:07:50.0798 2544  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
23:07:50.0829 2544  WMPNetworkSvc - ok
23:07:50.0845 2544  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:07:50.0891 2544  WPCSvc - ok
23:07:50.0891 2544  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:07:50.0907 2544  WPDBusEnum - ok
23:07:50.0923 2544  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:07:50.0969 2544  ws2ifsl - ok
23:07:51.0001 2544  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:07:51.0032 2544  wscsvc - ok
23:07:51.0032 2544  WSearch - ok
23:07:51.0063 2544  [ 534C2D3D81B066FA24A075C224045654 ] WTGService      C:\Program Files\Verbindungsassistent\WTGService.exe
23:07:51.0079 2544  WTGService - ok
23:07:51.0141 2544  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:07:51.0235 2544  wuauserv - ok
23:07:51.0250 2544  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:07:51.0297 2544  WudfPf - ok
23:07:51.0313 2544  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:07:51.0328 2544  WUDFRd - ok
23:07:51.0359 2544  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:07:51.0375 2544  wudfsvc - ok
23:07:51.0391 2544  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:07:51.0422 2544  WwanSvc - ok
23:07:51.0453 2544  [ AD9DEE1257C7659083268F298890CE16 ] X6XSEx          C:\Program Files\Free Ride Games\X6XSEx.Sys
23:07:51.0469 2544  X6XSEx - ok
23:07:51.0469 2544  ================ Scan global ===============================
23:07:51.0500 2544  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:07:51.0531 2544  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:07:51.0531 2544  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:07:51.0562 2544  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:07:51.0578 2544  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:07:51.0593 2544  [Global] - ok
23:07:51.0593 2544  ================ Scan MBR ==================================
23:07:51.0593 2544  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:07:51.0859 2544  \Device\Harddisk0\DR0 - ok
23:07:51.0859 2544  ================ Scan VBR ==================================
23:07:51.0859 2544  [ 96C33EFEFCFAFC19C1F96A2450C30AB0 ] \Device\Harddisk0\DR0\Partition1
23:07:51.0859 2544  \Device\Harddisk0\DR0\Partition1 - ok
23:07:51.0890 2544  [ AF5AB8BFCEB76DFE588778FB09E5B3FE ] \Device\Harddisk0\DR0\Partition2
23:07:51.0890 2544  \Device\Harddisk0\DR0\Partition2 - ok
23:07:51.0921 2544  [ 65B67FC9219CEA115AEC11438613FDA3 ] \Device\Harddisk0\DR0\Partition3
23:07:51.0921 2544  \Device\Harddisk0\DR0\Partition3 - ok
23:07:51.0921 2544  ============================================================
23:07:51.0921 2544  Scan finished
23:07:51.0921 2544  ============================================================
23:07:51.0937 0248  Detected object count: 1
23:07:51.0937 0248  Actual detected object count: 1
23:11:09.0792 0248  SXDS10 ( UnsignedFile.Multi.Generic ) - skipped by user
23:11:09.0792 0248  SXDS10 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 06.09.2012 14:33

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Elektritze 06.09.2012 17:03

Here is the ComboFix log:

Code:

ComboFix 12-09-06.01 - Anwender 06.09.2012  17:48:30.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3050.2045 [GMT 2:00]
ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 15:52 . 2012-09-06 15:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-03 13:25 . 2012-09-03 13:25        --------        d-----w-        c:\program files\ESET
2012-08-31 15:01 . 2012-08-31 15:01        --------        d-----w-        c:\users\Anwender\AppData\Roaming\Malwarebytes
2012-08-31 15:01 . 2012-08-31 15:01        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-31 15:01 . 2012-08-31 15:01        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-31 15:01 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-31 06:35 . 2012-08-31 14:52        --------        d-----w-        c:\programdata\AVAST Software
2012-08-31 06:35 . 2012-08-31 06:35        --------        d-----w-        c:\program files\AVAST Software
2012-08-31 06:30 . 2010-11-20 02:17        302592        ----a-w-        c:\windows\system32\utilman.exe
2012-08-30 19:40 . 2012-08-30 19:40        --------        d-----w-        c:\program files\Belkin
2012-08-30 19:40 . 2012-08-30 19:40        --------        d-----w-        c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2012-08-29 20:27 . 2012-08-31 16:18        --------        d-----w-        c:\users\Anwender\AppData\Roaming\Uurlrr
2012-08-29 08:46 . 2012-08-30 06:56        --------        d-----w-        c:\users\Anwender\Zrrlshn
2012-08-15 15:01 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 15:01 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 15:01 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 15:01 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 15:00 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 15:00 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 15:00 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:38 . 2012-07-07 15:26        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 10:38 . 2012-07-07 15:26        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-07 15:13 . 2012-07-07 15:13        257376        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sxppdf6_p.dll
2012-07-07 07:24 . 2012-07-07 07:24        100224        ----a-w-        c:\windows\system32\drivers\ewsercd.sys
2012-07-04 14:29 . 2012-07-04 14:29        65536        ----a-r-        c:\users\Anwender\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-04 09:30 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-07-04 08:24 . 2012-07-04 08:24        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-07-04 08:24 . 2012-07-04 08:24        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-07-04 08:24 . 2012-07-04 08:24        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-07-04 08:24 . 2012-07-04 08:24        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-07-04 08:24 . 2012-07-04 08:24        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-07-04 08:24 . 2012-07-04 08:24        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-07-04 08:24 . 2012-07-04 08:24        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-07-04 08:24 . 2012-07-04 08:24        367104        ----a-w-        c:\windows\system32\html.iec
2012-07-04 08:24 . 2012-07-04 08:24        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-07-04 08:24 . 2012-07-04 08:24        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-07-04 08:24 . 2012-07-04 08:24        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-07-04 08:24 . 2012-07-04 08:24        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-07-04 08:24 . 2012-07-04 08:24        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-07-04 08:24 . 2012-07-04 08:24        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-07-04 08:24 . 2012-07-04 08:24        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-07-04 08:24 . 2012-07-04 08:24        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-06-19 14:54 . 2012-07-23 20:28        3240400        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 01:14 . 2012-07-04 08:22        6762896        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{60FF4548-1A1F-4F18-A56F-FBC726E7A54B}\mpengine.dll
2012-08-02 11:09 . 2012-07-07 07:47        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BDA33FF0-AD30-4335-9082-D5967EADB37D}"= "c:\program files\DATA BECKER\PDF Genie 5.0\iexp32.dll" [2012-07-07 510608]
.
[HKEY_CLASSES_ROOT\clsid\{bda33ff0-ad30-4335-9082-d5967eadb37d}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EB97E8E-33AC-4872-B9EC-B9F0B91DE35B}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 144704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 180544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 188224]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logons]
2009-07-14 01:14        147456        ----a-w-        c:\users\Anwender\AppData\Roaming\logons.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 asahci32;asahci32;c:\windows\system32\DRIVERS\asahci32.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [x]
S2 X6XSEx;X6XSEx;c:\program files\Free Ride Games\X6XSEx.Sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 10:38]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
mStart Page = hxxp://www.google.com
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb135?a=6PQIEfbfVV
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Arcor Online - (no file)
HKLM-Run-TaskTray - (no file)
HKLM-Run-Arcor Online - (no file)
MSConfigStartUp-4E5B272F - c:\users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-06  17:54:19
ComboFix-quarantined-files.txt  2012-09-06 15:54
.
Vor Suchlauf: 8 Verzeichnis(se), 212.368.490.496 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 213.100.015.616 Bytes frei
.
- - End Of File - - 47EA3A3A385DA7F4F4C00D9EA4549EF1

A quick question in between:
Can I already restore the encrypted files in the meantime (using shadow copies), or is that not such a good idea...?

cosinus 06.09.2012 20:17

Get to work on the decryption once we are done! And before you try to repair anything, make a backup of the encrypted files before you break even more!

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\users\Anwender\AppData\Roaming\Uurlrr
c:\users\Anwender\Zrrlshn

Firefox::
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - http://mystart.incredimail.com/mb135?a=6PQIEfbfVV
FF - prefs.js: keyword.URL - http://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search=

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Elektritze 06.09.2012 22:28

Quote:

And before you try to repair anything, make a backup of the encrypted files before you break even more!
Now that is unfair!!! This isn't even my computer! I have been going to all this trouble for days to help an acquaintance... :schmoll:

But you couldn't have known that! ;-)

So here is the log:

Code:

ComboFix 12-09-06.02 - Anwender 06.09.2012  22:58:00.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3050.2084 [GMT 2:00]
ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anwender\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anwender\AppData\Roaming\Uurlrr
c:\users\Anwender\Zrrlshn
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 21:01 . 2012-09-06 21:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-03 13:25 . 2012-09-03 13:25        --------        d-----w-        c:\program files\ESET
2012-08-31 15:01 . 2012-08-31 15:01        --------        d-----w-        c:\users\Anwender\AppData\Roaming\Malwarebytes
2012-08-31 15:01 . 2012-08-31 15:01        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-31 15:01 . 2012-08-31 15:01        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-31 15:01 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-31 06:35 . 2012-08-31 14:52        --------        d-----w-        c:\programdata\AVAST Software
2012-08-31 06:35 . 2012-08-31 06:35        --------        d-----w-        c:\program files\AVAST Software
2012-08-31 06:30 . 2010-11-20 02:17        302592        ----a-w-        c:\windows\system32\utilman.exe
2012-08-30 19:40 . 2012-08-30 19:40        --------        d-----w-        c:\program files\Belkin
2012-08-30 19:40 . 2012-08-30 19:40        --------        d-----w-        c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2012-08-15 15:01 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 15:01 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 15:01 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 15:01 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 15:00 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 15:00 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 15:00 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:38 . 2012-07-07 15:26        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 10:38 . 2012-07-07 15:26        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-07 15:13 . 2012-07-07 15:13        257376        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sxppdf6_p.dll
2012-07-07 07:24 . 2012-07-07 07:24        100224        ----a-w-        c:\windows\system32\drivers\ewsercd.sys
2012-07-04 14:29 . 2012-07-04 14:29        65536        ----a-r-        c:\users\Anwender\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-04 09:30 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-07-04 08:24 . 2012-07-04 08:24        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-07-04 08:24 . 2012-07-04 08:24        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-07-04 08:24 . 2012-07-04 08:24        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-07-04 08:24 . 2012-07-04 08:24        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-07-04 08:24 . 2012-07-04 08:24        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-07-04 08:24 . 2012-07-04 08:24        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-07-04 08:24 . 2012-07-04 08:24        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-07-04 08:24 . 2012-07-04 08:24        367104        ----a-w-        c:\windows\system32\html.iec
2012-07-04 08:24 . 2012-07-04 08:24        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-07-04 08:24 . 2012-07-04 08:24        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-07-04 08:24 . 2012-07-04 08:24        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-07-04 08:24 . 2012-07-04 08:24        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-07-04 08:24 . 2012-07-04 08:24        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-07-04 08:24 . 2012-07-04 08:24        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-07-04 08:24 . 2012-07-04 08:24        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-07-04 08:24 . 2012-07-04 08:24        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-06-19 14:54 . 2012-07-23 20:28        3240400        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2012-06-18 01:14 . 2012-07-04 08:22        6762896        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{60FF4548-1A1F-4F18-A56F-FBC726E7A54B}\mpengine.dll
2012-08-02 11:09 . 2012-07-07 07:47        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BDA33FF0-AD30-4335-9082-D5967EADB37D}"= "c:\program files\DATA BECKER\PDF Genie 5.0\iexp32.dll" [2012-07-07 510608]
.
[HKEY_CLASSES_ROOT\clsid\{bda33ff0-ad30-4335-9082-d5967eadb37d}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EB97E8E-33AC-4872-B9EC-B9F0B91DE35B}]
[HKEY_CLASSES_ROOT\PDF6IE.IEBarBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 144704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 180544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 188224]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logons]
2009-07-14 01:14        147456        ----a-w-        c:\users\Anwender\AppData\Roaming\logons.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 asahci32;asahci32;c:\windows\system32\DRIVERS\asahci32.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [x]
S2 X6XSEx;X6XSEx;c:\program files\Free Ride Games\X6XSEx.Sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 10:38]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 11:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
mStart Page = hxxp://www.google.com
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-06  23:03:02
ComboFix-quarantined-files.txt  2012-09-06 21:03
ComboFix2.txt  2012-09-06 15:54
.
Vor Suchlauf: 11 Verzeichnis(se), 213.193.719.808 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 212.906.954.752 Bytes frei
.
- - End Of File - - AA3C53E862C818ABA566555EC247D879


cosinus 07.09.2012 10:51

Quote:

Now that is unfair!!! This isn't even my computer! I have been going to all this trouble for days to help an acquaintance...
What is unfair about that, and what difference should it make that it isn't your computer? It doesn't matter one bit whose computer it is: before you try to decrypt anything you make backup copies, full stop, end of story!

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Elektritze 07.09.2012 12:55

Dear cosinus,

The "unfair" referred to this part of your reply:
Quote:

before you break even more!
- I am not aware of having broken anything (on the contrary!)
- I only asked cautiously whether I could already start with the decryption
- I did not mean it in a nasty way at all, only as a joke (didn't you see the ";-)"?)
- I do appreciate your help and am very grateful to you for it!!!

So, no hard feelings! :)

Here are the logs now:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-07 13:02:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45
Running: pdy6m005.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\pwlcruob.sys


---- System - GMER 1.0.15 ----

SSDT            913C7EC6                                                                                                                                  ZwCreateSection
SSDT            913C7ED0                                                                                                                                  ZwRequestWaitReplyPort
SSDT            913C7ECB                                                                                                                                  ZwSetContextThread
SSDT            913C7ED5                                                                                                                                  ZwSetSecurityObject
SSDT            913C7EDA                                                                                                                                  ZwSystemDebugControl
SSDT            913C7E67                                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                                  8307A989 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                    8309A4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                                        830A187C 4 Bytes  [C6, 7E, 3C, 91]
.text          ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                                        830A1BD8 4 Bytes  [D0, 7E, 3C, 91] {SAR BYTE [ESI+0x3c], 0x1; XCHG ECX, EAX}
.text          ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                                        830A1C1C 4 Bytes  [CB, 7E, 3C, 91] {RETF ; JLE 0x3f; XCHG ECX, EAX}
.text          ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                                        830A1C98 4 Bytes  [D5, 7E, 3C, 91] {AAD 0x7e; CMP AL, 0x91}
.text          ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                                        830A1CEC 4 Bytes  [DA, 7E, 3C, 91] {FIDIVR DWORD [ESI+0x3c]; XCHG ECX, EAX}
.text          ...                                                                                                                                       
.vmp2          C:\Windows\system32\drivers\acedrv11.sys                                                                                                  entry point in ".vmp2" section [0x98D8B69D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [7545FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                                    Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                                                            X6XSEx.Sys

Device                                                                                                                                                    fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:27:47 on 07.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job" - "Google Inc." - C:\Users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job" - "Google Inc." - C:\Users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AsrAppCharger" (AsrAppCharger) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AsrAppCharger.sys
"AsrCDDrv" (AsrCDDrv) - ? - C:\Windows\system32\Drivers\AsrCDDrv.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Anwender\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"X6XSEx" (X6XSEx) - "Exent Technologies Ltd." - C:\Program Files\Free Ride Games\X6XSEx.Sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{10E72E6C-F89F-44AA-91AE-9FB5C88C6760} "ControlsExt Class" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\iexp32.dll
{59A3380E-5305-4cea-BD99-4F2FF510C91F} "FineReader9.FRContextMenu.1" - "ABBYY" - C:\Program Files\ABBYY FineReader 9.0\FRIntegration.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{8F652E6E-8313-419E-8D5A-E932C64A6767} "SX_PDF6_CONV WEThumbnail Class" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\weprvw32.dll
{18357DE3-1BFC-45E4-A215-73709054847A} "SX_PDF6_CONV.ShellExt" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\sx_shell32.dll
{C533AB49-9805-4972-8326-A084696B00F0} "Touch Mouse Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouchmouse.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{7834E880-F0CC-4FA7-B4F3-FDB0F4E816A5} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouchstrip.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6A060448-60F9-11D5-A6CD-0002B31F7455} "ExentInf Class" - "Exent Technologies Ltd." - C:\Windows\Downloaded Program Files\ExentCtl.ocx /
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{BDA33FF0-AD30-4335-9082-D5967EADB37D} "PDF Genie 5.0" - "DATA BECKER" - C:\Program Files\DATA BECKER\PDF Genie 5.0\iexp32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Exetender" - "Exent Technologies Ltd." - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ABBYY FineReader 9.0 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.9.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"Intel(R) Capability Licensing Service Interface" (Intel(R) Capability Licensing Service Interface) - "Intel(R) Corporation" - C:\Program Files\Intel\iCLS Client\HeciServer.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"soft Xpansion Dispatch Service" (SXDS10) - "soft Xpansion" - C:\Program Files\Common Files\soft Xpansion\sxds10.exe
"WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 13:30:37
-----------------------------
13:30:37.264    OS Version: Windows 6.1.7601 Service Pack 1
13:30:37.264    Number of processors: 2 586 0x2A07
13:30:37.264    ComputerName: ***-PC  UserName: Anwender
13:30:38.699    Initialize success
13:31:27.745    AVAST engine defs: 12090700
13:32:00.084    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:32:00.084    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
13:32:00.100    Disk 0 MBR read successfully
13:32:00.100    Disk 0 MBR scan
13:32:00.115    Disk 0 Windows 7 default MBR code
13:32:00.115    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:32:00.131    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      238369 MB offset 206848
13:32:00.162    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      238468 MB offset 488386560
13:32:00.162    Disk 0 scanning sectors +976769024
13:32:00.240    Disk 0 scanning C:\Windows\system32\drivers
13:32:07.868    Service scanning
13:32:24.311    Modules scanning
13:32:30.286    Disk 0 trace - called modules:
13:32:30.816    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS asahci32.sys
13:32:30.832    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a9c7c8]
13:32:30.832    3 CLASSPNP.SYS[8c65659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86018030]
13:32:32.298    AVAST engine scan C:\Windows
13:32:34.654    AVAST engine scan C:\Windows\system32
13:34:29.548    AVAST engine scan C:\Windows\system32\drivers
13:34:39.423    AVAST engine scan C:\Users\Anwender
13:35:52.493    File: C:\Users\Anwender\AppData\Roaming\logons.exe  **INFECTED** Win32:Trojan-gen
13:36:35.128    AVAST engine scan C:\ProgramData
13:37:02.069    Scan finished successfully
13:38:42.752    Disk 0 MBR has been saved successfully to "C:\Users\Anwender\Desktop\MBR.dat"
13:38:42.752    The log file has been saved successfully to "C:\Users\Anwender\Desktop\aswMBR.txt"


cosinus 09.09.2012 20:44

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Elektritze 11.09.2012 10:52

So, here are the two logs:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

10.09.2012 16:12:45
mbam-log-2012-09-10 (16-12-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 434810
Laufzeit: 1 Stunde(n), 42 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/11/2012 at 10:40 AM

Application Version : 5.5.1016

Core Rules Database Version : 9203
Trace Rules Database Version: 7015

Scan type      : Complete Scan
Total Scan Time : 01:55:17

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 675
Memory threats detected  : 0
Registry items scanned    : 35770
Registry threats detected : 0
File items scanned        : 222880
File threats detected    : 468

Adware.Tracking Cookie
        .amazon-adsystem.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .c1.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .countomat.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        Angebote, Service, Beratung und mehr im Onlineshop und in Ihrem Markt vor Ort - Media Markt [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        UseNeXT | In vollem DSL-Speed aus dem Usenet downloaden! [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        tracking.sim-technik.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .Online Counter gratis - Kostenloser Besucherzhler mit Statistik [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        clickundflieg.com - Last Minute Reisen, Pauschalreisen, Lastminute Urlaub & Flge gnstig buchen [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .clickundflieg.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .clickundflieg.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .clickundflieg.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .mm.chitika.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        targeting.revenuemax.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        stats.crsend.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SBO2NDGD.DEFAULT\COOKIES.SQLITE ]

PotentiallyUnwanted.SoftonicDownloader
        G:\ALLE DATEIEN BIS 10. FEBRUAR 2012\EIGENE DATEIEN 03.APRIL 2012\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE
        G:\ALLE DATEIEN BIS 10. FEBRUAR 2012\EIGENE DATEIEN20. 2.2012 NICHT LöSCHEN\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE
        G:\EIGENE DATEIEN AB 20.06.2011\EIGENE DATEIEN17.3.2012\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE

Trojan.Agent/Gen-Multi
        C:\WINDOWS\SYSTEM32\AMCBUTTON.OCX


cosinus 11.09.2012 16:21

Looks OK, only cookies were found there. Apart from that, Softonic junk, and the AMCBUTTON thing looks like a false positive to me. Delete everything except AMCBUTTON.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether he has released a new hosts file.

Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

The way I handle it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system back in order now, or are there any other detections or problems?
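
The triage in the reply above (cookie hits are counted and cleared, file detections are looked at one by one), as an added example that is not part of the original thread. The sample log is constructed in the layout of the scan log quoted here; the cookie category name and the EXAMPLE paths are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log quoted in this thread:
# an unindented category line, then indented findings. The cookie category
# name and the EXAMPLE paths are made up for illustration.
SAMPLE_LOG = r"""
Example.TrackingCookie
        .adtech.de [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]

PotentiallyUnwanted.SoftonicDownloader
        G:\EXAMPLE\DOWNLOADS\SOFTONICDOWNLOADER_FUER_AVIRA-ANTIVIR.EXE

Trojan.Agent/Gen-Multi
        C:\WINDOWS\SYSTEM32\AMCBUTTON.OCX
"""

# "<cookie name or host> [ <path to cookie store> ]"
COOKIE_ENTRY = re.compile(r"^(?P<host>.+?)\s+\[\s*(?P<store>.+?)\s*\]$")

def parse_findings(text):
    """Return {category: [finding, ...]} for the heading/indented-entry layout."""
    findings, category = {}, "(no heading)"  # entries may start mid-list
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            findings.setdefault(category, []).append(line.strip())
        else:
            category = line.strip()
            findings.setdefault(category, [])
    return findings

def triage(text):
    """Count cookie hits per host; keep file detections for manual review."""
    cookies, files = Counter(), {}
    for category, entries in parse_findings(text).items():
        for entry in entries:
            m = COOKIE_ENTRY.match(entry)
            if m and m.group("store").upper().endswith("COOKIES.SQLITE"):
                cookies[m.group("host")] += 1
            else:
                files.setdefault(category, []).append(entry)
    return cookies, files

if __name__ == "__main__":
    cookies, files = triage(SAMPLE_LOG)
    print(f"{sum(cookies.values())} cookie hits on {len(cookies)} hosts")
    for category, paths in files.items():
        for path in paths:
            print(f"review: {category}: {path}")
```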

Elektritze 11.09.2012 22:58

Everything seems normal, except that Avira still complains about this logons.exe:

See the picture in the attachment!

I then had it removed, but strangely the shortcut is still in the startup list...

cosinus 12.09.2012 00:17

Huh :eek: I completely overlooked that one :confused: :headbang:

Simplest way first: move it to quarantine with Avira. Reboot. Watch whether it shows up again. If so, unfortunately we won't be done here that quickly :o

Elektritze 12.09.2012 13:21

It no longer shows up as a virus warning, only the shortcut in the startup list remains!
It is disabled after all, and the target no longer exists...

Can that be got rid of somehow as well?

cosinus 12.09.2012 14:48

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" in the first line must be copied as well!!!)

Code:

:Files
C:\Users\Anwender\AppData\Roaming\*.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

