Pests of all kinds and how to combat them: Austrian Police Virus (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
15.10.2012, 16:01 | #16 |
| Austrian Police Virus
And the Extras.txt
Code:
OTL Extras logfile created on: 15.10.2012 16:08:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

5,91 Gb Total Physical Memory | 4,06 Gb Available Physical Memory | 68,74% Memory free
11,82 Gb Paging File | 9,96 Gb Available in Paging File | 84,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 181,93 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive D: | 394,18 Gb Total Space | 318,00 Gb Free Space | 80,67% Space Free | Partition Type: NTFS
Drive F: | 824,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL_LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{044E1F4B-E8A5-43AC-845D-36F861A87117}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{12DE5854-B0A2-4EF2-86BB-49EB0CB82229}" = rport=445 | protocol=6 | dir=out | app=system | "{27E5747F-F97C-4297-BC77-25F215CEB041}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3F1313E5-EF72-4CFB-A6C4-43797C8040B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3FA5E3C1-B437-485B-BF0B-BC53C0CB5450}" = lport=3702 | protocol=17 | dir=in | 
svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{40DD7317-85E7-44B7-A54D-3039D1CE84EE}" = lport=445 | protocol=6 | dir=in | app=system | "{4A346BF2-2531-4CB9-971E-BE4CA5096A5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{562EABD3-33D2-44BC-BDF1-EDA1C9913594}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{57A02C8A-9239-44B0-B4DB-A7EE65483809}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5C79F3C3-5852-4E60-AB1E-89079D958EED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{78FE3422-8F8F-4694-9C8E-BE590F1CE670}" = lport=137 | protocol=17 | dir=in | app=system | "{9954EAF6-C462-46D1-AF17-159E5814101C}" = rport=139 | protocol=6 | dir=out | app=system | "{99D6532B-F41D-4DB7-896E-FE813E403CD7}" = lport=139 | protocol=6 | dir=in | app=system | "{9F85D1CE-2D9B-4923-A456-53C988143ADF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{B23FC6EA-8D46-498B-8F50-58197DA92461}" = rport=137 | protocol=17 | dir=out | app=system | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B9B0D9DD-8105-4D13-A9FF-495764FE6B63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB530934-AD2A-4B50-A3BC-4463EFAF3886}" = rport=138 | protocol=17 | dir=out | app=system | "{CB9C5DE2-03B3-4603-9E98-C0149603E18D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CC80817E-C43B-4EAC-86C1-2605FFF6F5FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FAE4EF23-3E6F-49B5-B432-5349873F32DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0523ED9E-0213-4331-B11E-E8D10FA838E0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{08E66910-5C12-4E8B-BAD5-F11B5FF7760A}" = protocol=6 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | "{0963FB9C-9BB4-4597-A6B2-99616A57B011}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0AA438DC-D72C-4BCF-97F4-A16D677C73AB}" = protocol=17 | dir=in | app=d:\program files (x86)\combat arms eu\nmservice.exe | "{1290E93B-4C1B-47E3-8D14-C147909BD63A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1BB21591-5E98-47A2-AE10-395B97DEF1B8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{1D70738D-667F-43F1-A7AA-DCB0D13D6176}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{1DC05F9A-BB48-4B89-9C37-92011DE86366}" = protocol=6 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{201B968E-17E0-48CA-85CC-899374711506}" = protocol=17 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. 
- call of pripyat\bin\dedicated\xrengine.exe | "{2055BCAD-8A8D-4DA4-8151-E2B2E572C510}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2765AB02-D6E4-4F3E-902B-18C6457CA8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{30B31025-DF1A-4952-B226-F8EE3B6CDE3B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{392A386E-36BA-42C3-AE4A-99F6D9C0C0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{400A809F-69C9-44A4-AB30-BA8D28C3FED3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{41F80F70-C049-425B-AF56-20D4A48BEEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{464F8459-3906-4F68-8B86-AABE7E857833}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{46914360-EA41-44F7-BAB1-1870DF75FAC4}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{48AAE38F-0D22-49C8-A494-328BC7A6AD03}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{497CAE52-D0A8-49B3-AC29-A7371BC6F00E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4DE2564F-B295-4EA0-BB1C-B8342DBF67CA}" = protocol=17 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{4E7938E8-5BF2-4D28-9ED2-7F0EF95B7432}" = protocol=17 | dir=in | app=d:\program files (x86)\vuze\azureus.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{51B98E8A-3BD5-46A0-8344-D8E9D2E32EEA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{549CCD82-E655-4E00-8D39-EED18B85101A}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{57DBC786-7055-4189-BC95-297EDCD8D2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5AB110E5-72BF-48D7-B110-53E693DF19AC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{5C1FA3EB-1428-4138-BE04-FD2F6611AC8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{612AB4EE-345A-4C27-B2D2-75B8059E9389}" = protocol=17 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{68E507A1-918E-4064-BC61-4E908A17296B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{6C6CBC86-983C-4BB6-B48D-5BFA37503B8F}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | "{6F4C6871-2A98-426F-B99F-7AF8F0151E29}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{80A23281-5625-4C06-8AF1-6418ED1AF419}" = protocol=17 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | "{81F4818F-7311-40CE-932A-0376F8FB0ECE}" = protocol=6 | dir=in | app=d:\program files (x86)\vuze\azureus.exe | "{8CFFE780-7413-4E9A-8E56-DD22A04AF1FD}" = protocol=17 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. 
- call of pripyat\bin\xrengine.exe | "{8E41FBFF-6FFD-44C5-8E10-14E66A58C30E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{8FD02ADF-CC21-48FE-B3B1-7E80DFDD64EB}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{99B282C5-BEA0-4BE2-A85B-844BAF5A3D72}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{9B5FBF50-91F4-49E6-A39A-48404FA9BB74}" = protocol=6 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | "{9C543699-E18A-4344-84A1-197B024E5CAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A07FE4C5-EE99-4F2F-8450-E5E524D1904C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A887B61B-FF35-4293-B2F4-EB8C225C8723}" = protocol=6 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | "{AA287448-2D08-49D9-B38A-F715D161910E}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{B86EA36D-5F7C-45EC-84AA-41153B5C4049}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{BC8D7977-C5A3-4955-8EB8-9E18C1C75E53}" = protocol=17 | dir=in | app=d:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | "{C03AB7F7-0E51-4264-B06E-E50AA868DCD2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{C31812F0-3C83-4F30-8972-DDDFA4D16696}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{C95CD6C7-69B6-4CD1-8378-8E2FA34F7C03}" = protocol=6 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. 
- call of pripyat\bin\dedicated\xrengine.exe | "{CDA59321-07D8-4555-9B44-3AF4425384DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D4385D45-7EC7-44F0-BB13-D536D2955A44}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DAC437D9-E91D-4715-9430-88E583BEC054}" = protocol=6 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{DC0D96AD-B667-40B9-8358-780AC6E31C30}" = protocol=6 | dir=in | app=d:\program files (x86)\combat arms eu\nmservice.exe | "{DEC86AD6-F914-4EE8-997B-72DA0BD1D4A7}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | "{E0FB538F-77B5-43AC-BF78-2B0C894AA3A4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{E4F7DDF1-5ACB-4CBA-A8EF-EF9681E7AD12}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{F1D27B96-557E-44D1-A7E8-F6D52B7C2B6D}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{F4A49B80-DE21-401A-80EE-C67C85C3021C}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{F60D8A73-F275-4650-A65A-E32EE9136094}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F72CE0F1-1EF3-471C-AC21-6EF12A6BBF34}" = protocol=17 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | "{F888F964-F8BC-4788-8D9D-E1463AA0A41D}" = protocol=6 | dir=in | app=d:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | "{FA95C8DE-4F35-401B-9F83-EAE39E51C45B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FE03BD60-76E1-4F3D-9115-F00B50189372}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{3005665F-D192-4359-96F8-A49204287B60}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query 
User{41882DFE-477D-4D47-AF99-1BEC330E88AF}D:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{5EF8FB9F-D27E-402A-BB76-7F637B9EC0B9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{FCAC0533-2954-4B4A-8E13-C1CF85376FCF}D:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe | "UDP Query User{07B34BEE-03E2-4062-8A53-47AE2FD1D411}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{3EE7B6EC-8C35-45E7-BD68-85D04956A6D4}D:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe | "UDP Query User{B862D900-7132-4161-B030-3D12989A998A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{C417DD1B-C549-4C23-85B0-08E3B6D1FDBE}D:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU 
Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D9A78F1-FDC7-45D8-8145-B6462CA82240}" = Mathcad Prime 2.0 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety "{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows 
Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9cc89170-000b-457d-91f1-53691f85b224}" = Python 2.6.1 (64-bit) "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = 
Windows Live Family Safety "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16 "Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "ProInst" = Intel PROSet Wireless "sp6" = Logitech SetPoint 6.32 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live 
UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = 
Java(TM) 6 Update 30 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. 
- Call of Pripyat [v1.6.02] "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{434D0FA0-AB8C-497F-B30A-7A1000038201}" = DiRT 3 "{44653096-3E44-402E-B68E-37D77240BFA8}" = Accelrys Draw 4.1 "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = 
Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common 
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B92DC48F-98BC-41C9-8C64-014DFD058708}" = Der finstere Dschungel "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game 
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{Wegberg-Modifikation-5-0}_is1" = Feuer- und Notfallsimulation Wegberg Version 5.0 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aonUpdate" = aonUpdate "ArmA 2" = ArmA 2 Free Uninstall "ASIO4ALL" = ASIO4ALL "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Audacity_is1" = Audacity 1.2.6 "BattlEye A2 Free" = BattlEye (A2Free) Uninstall "Bookworm Deluxe" = Bookworm Deluxe "Bridge Building Game" = Bridge Building Game "Clonk Rage" = Clonk Rage "Cooking Dash" = Cooking Dash "DAEMON Tools Lite" = DAEMON Tools Lite "ESET Online Scanner" = ESET Online Scanner v3 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "FL Studio 10" = FL Studio 10 "Free YouTube to MP3 Converter_is1" 
= Free YouTube to MP3 Converter version 3.11.32.918 "FreeHideIP" = Free Hide IP "Governor of Poker" = Governor of Poker "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "Hotel Dash Suite Success" = Hotel Dash Suite Success "IL Download Manager" = IL Download Manager "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Jewel Quest 3" = Jewel Quest 3 "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mathcad PDSi viewable support" = Mathcad PDSi viewable support "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Plants vs Zombies" = Plants vs Zombies "ProInst" = Intel PROSet Wireless "PunkBusterSvc" = PunkBuster Services "Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67 "Steam App 3590" = Plants vs. 
Zombies: Game of the Year "Steam App 440" = Team Fortress 2 "Steam App 50130" = Mafia II "Steam App 520" = Team Fortress 2 Beta "Super Mario World Flash" = Super Mario World Flash "TmNationsForever_is1" = TmNationsForever "Update Engine" = Sony Ericsson Update Engine "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "World of Goo" = World of Goo ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1167183996-2461493483-177166186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "GeoGebra 4" = GeoGebra 4 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.06.2012 15:48:23 | Computer Name = Michaels_Laptop | Source = Application Hang | ID = 1002 Description = Programm mafia2.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16b0 Startzeit: 01cd480a212e6c34 Endzeit: 30 Anwendungspfad: d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe Berichts-ID: 68a6a8bc-b3fd-11e1-8da7-5404a637bdc5 Error - 12.06.2012 02:30:14 | Computer Name = Michaels_Laptop | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1330 Startzeit: 01cd4864a9ef1d47 Endzeit: 0 Anwendungspfad: D:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 0f543352-b458-11e1-8f77-5404a637bdc5 Error - 12.06.2012 05:46:33 | Computer Name = Michaels_Laptop | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word konnte zuletzt nicht korrekt gestartet werden. 
Das Starten von Word im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein. Möchten Sie Word im abgesicherten Modus starten?. Error - 12.06.2012 07:23:09 | Computer Name = Michaels_Laptop | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error - 12.06.2012 09:15:41 | Computer Name = Michaels_Laptop | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error - 12.06.2012 14:58:04 | Computer Name = Michaels_Laptop | Source = Application Hang | ID = 1002 Description = Programm shutdown.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2074 Startzeit: 01cd48cd31d340f4 Endzeit: 0 Anwendungspfad: C:\Windows\system32\shutdown.exe Berichts-ID: 8886e112-b4c0-11e1-a8b4-5404a637bdc5 Error - 13.06.2012 02:07:22 | Computer Name = Michael_Laptop | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error - 13.06.2012 03:16:38 | Computer Name = Michael_Laptop | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1224 Startzeit: 01cd49296b5ea0e7 Endzeit: 2808 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: a9ade6d9-b527-11e1-9842-bf4c91ede4a6 Error - 13.06.2012 04:12:02 | Computer Name = Michael_Laptop | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error - 13.06.2012 07:09:59 | Computer Name = Michael_Laptop | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved [ System Events ] Error - 13.10.2012 10:46:34 | Computer Name = Michael_Laptop | Source = DCOM | ID = 10005 Description = Error - 13.10.2012 10:46:34 | Computer Name = Michael_Laptop | Source = DCOM | ID = 10005 Description = Error - 13.10.2012 10:46:34 | Computer Name = Michael_Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.10.2012 11:44:23 | Computer Name = Michael_Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.10.2012 11:47:01 | Computer Name = Michael_Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.10.2012 12:13:23 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032 Description = Error - 13.10.2012 14:28:16 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032 Description = Error - 14.10.2012 14:26:23 | Computer Name = Michael_Laptop | Source = 
BROWSER | ID = 8032 Description = Error - 14.10.2012 16:21:22 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032 Description = Error - 15.10.2012 07:27:12 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032 Description = < End of report > |
15.10.2012, 17:37 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus Code:
ATTFilter "ProxyServer" = 10.1.8.1:3128
__________________ |
15.10.2012, 18:02 | #18 |
| Austrian Police Virus Hello,
I need the proxy for the school network. |
15.10.2012, 18:59 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
15.10.2012, 19:51 | #20 |
| Austrian Police Virus Hello, the log from TDSSKiller: Code:
ATTFilter 20:47:05.0469 7084 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 20:47:05.0766 7084 ============================================================ 20:47:05.0766 7084 Current date / time: 2012/10/15 20:47:05.0766 20:47:05.0766 7084 SystemInfo: 20:47:05.0766 7084 20:47:05.0766 7084 OS Version: 6.1.7601 ServicePack: 1.0 20:47:05.0766 7084 Product type: Workstation 20:47:05.0766 7084 ComputerName: MICHAEL_LAPTOP 20:47:05.0766 7084 UserName: Michael 20:47:05.0766 7084 Windows directory: C:\Windows 20:47:05.0766 7084 System windows directory: C:\Windows 20:47:05.0766 7084 Running under WOW64 20:47:05.0766 7084 Processor architecture: Intel x64 20:47:05.0766 7084 Number of processors: 4 20:47:05.0766 7084 Page size: 0x1000 20:47:05.0766 7084 Boot type: Normal boot 20:47:05.0766 7084 ============================================================ 20:47:06.0359 7084 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:47:06.0359 7084 ============================================================ 20:47:06.0359 7084 \Device\Harddisk0\DR0: 20:47:06.0359 7084 MBR partitions: 20:47:06.0359 7084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800 20:47:06.0359 7084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800 20:47:06.0359 7084 ============================================================ 20:47:06.0390 7084 C: <-> \Device\Harddisk0\DR0\Partition1 20:47:06.0421 7084 D: <-> \Device\Harddisk0\DR0\Partition2 20:47:06.0421 7084 ============================================================ 20:47:06.0421 7084 Initialize success 20:47:06.0421 7084 ============================================================ 20:48:13.0844 5428 ============================================================ 20:48:13.0844 5428 Scan started 20:48:13.0844 5428 Mode: Manual; SigCheck; TDLFS; 
20:48:13.0844 5428 ============================================================ 20:48:16.0294 5428 ================ Scan system memory ======================== 20:48:16.0294 5428 System memory - ok 20:48:16.0294 5428 ================ Scan services ============================= 20:48:16.0528 5428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:48:16.0684 5428 1394ohci - ok 20:48:16.0746 5428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:48:16.0777 5428 ACPI - ok 20:48:16.0808 5428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:48:16.0918 5428 AcpiPmi - ok 20:48:17.0042 5428 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:48:17.0058 5428 AdobeARMservice - ok 20:48:17.0120 5428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:48:17.0167 5428 adp94xx - ok 20:48:17.0183 5428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:48:17.0198 5428 adpahci - ok 20:48:17.0230 5428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:48:17.0245 5428 adpu320 - ok 20:48:17.0261 5428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:48:17.0479 5428 AeLookupSvc - ok 20:48:17.0557 5428 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe 20:48:17.0588 5428 AFBAgent - ok 20:48:17.0682 5428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:48:17.0791 5428 AFD - ok 20:48:17.0854 5428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:48:17.0869 5428 agp440 - ok 20:48:17.0916 5428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:48:17.0963 5428 ALG - ok 20:48:17.0994 5428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide 
C:\Windows\system32\drivers\aliide.sys 20:48:18.0010 5428 aliide - ok 20:48:18.0025 5428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:48:18.0056 5428 amdide - ok 20:48:18.0072 5428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:48:18.0119 5428 AmdK8 - ok 20:48:18.0150 5428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 20:48:18.0181 5428 AmdPPM - ok 20:48:18.0228 5428 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:48:18.0244 5428 amdsata - ok 20:48:18.0275 5428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:48:18.0275 5428 amdsbs - ok 20:48:18.0306 5428 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:48:18.0322 5428 amdxata - ok 20:48:18.0353 5428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:48:18.0602 5428 AppID - ok 20:48:18.0649 5428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:48:18.0696 5428 AppIDSvc - ok 20:48:18.0743 5428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:48:18.0836 5428 Appinfo - ok 20:48:18.0883 5428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 20:48:18.0914 5428 arc - ok 20:48:18.0946 5428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:48:18.0961 5428 arcsas - ok 20:48:19.0055 5428 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 20:48:19.0086 5428 ASLDRService - ok 20:48:19.0102 5428 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 20:48:19.0117 5428 ASMMAP64 - ok 20:48:19.0164 5428 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 20:48:19.0242 5428 asmthub3 - ok 20:48:19.0289 
5428 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 20:48:19.0351 5428 asmtxhci - ok 20:48:19.0523 5428 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:48:19.0538 5428 aspnet_state - ok 20:48:19.0585 5428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:48:19.0663 5428 AsyncMac - ok 20:48:19.0710 5428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:48:19.0741 5428 atapi - ok 20:48:19.0788 5428 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys 20:48:19.0897 5428 athr - ok 20:48:19.0928 5428 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 20:48:19.0960 5428 ATKGFNEXSrv - ok 20:48:20.0038 5428 [ AC31727F9946E9009480708E4D1B9986 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 20:48:20.0053 5428 ATKWMIACPIIO - ok 20:48:20.0131 5428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:48:20.0240 5428 AudioEndpointBuilder - ok 20:48:20.0303 5428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:48:20.0350 5428 AudioSrv - ok 20:48:20.0381 5428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:48:20.0474 5428 AxInstSV - ok 20:48:20.0537 5428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:48:20.0646 5428 b06bdrv - ok 20:48:20.0708 5428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:48:20.0771 5428 b57nd60a - ok 20:48:20.0849 5428 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 20:48:20.0880 5428 BBSvc - ok 20:48:20.0927 5428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:48:20.0989 5428 BDESVC - ok 
20:48:29.0554 5428 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:48:29.0585 5428 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:48:29.0585 5428 IDriverT - detected UnsignedFile.Multi.Generic (1)
C:\Windows\system32\drivers\SiSRaid2.sys 20:48:44.0530 5428 SiSRaid2 - ok 20:48:44.0530 5428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:48:44.0545 5428 SiSRaid4 - ok 20:48:44.0670 5428 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:48:44.0701 5428 SkypeUpdate - ok 20:48:44.0717 5428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:48:44.0764 5428 Smb - ok 20:48:44.0795 5428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:48:44.0826 5428 SNMPTRAP - ok 20:48:44.0842 5428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:48:44.0857 5428 spldr - ok 20:48:44.0888 5428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:48:44.0935 5428 Spooler - ok 20:48:45.0013 5428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:48:45.0169 5428 sppsvc - ok 20:48:45.0185 5428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:48:45.0232 5428 sppuinotify - ok 20:48:45.0325 5428 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS 20:48:45.0388 5428 SRTSP - ok 20:48:45.0466 5428 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS 20:48:45.0481 5428 SRTSPX - ok 20:48:45.0512 5428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:48:45.0590 5428 srv - ok 20:48:45.0606 5428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:48:45.0637 5428 srv2 - ok 20:48:45.0653 5428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:48:45.0684 5428 srvnet - ok 20:48:45.0731 5428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:48:45.0778 5428 SSDPSRV - ok 20:48:45.0793 5428 [ 
AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:48:45.0856 5428 SstpSvc - ok 20:48:45.0871 5428 Steam Client Service - ok 20:48:45.0902 5428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 20:48:45.0902 5428 stexstor - ok 20:48:45.0949 5428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:48:45.0996 5428 stisvc - ok 20:48:46.0012 5428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:48:46.0012 5428 swenum - ok 20:48:46.0043 5428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:48:46.0090 5428 swprv - ok 20:48:46.0121 5428 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS 20:48:46.0136 5428 SymDS - ok 20:48:46.0199 5428 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS 20:48:46.0277 5428 SymEFA - ok 20:48:46.0308 5428 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 20:48:46.0308 5428 SymEvent - ok 20:48:46.0339 5428 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS 20:48:46.0355 5428 SymIRON - ok 20:48:46.0402 5428 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS 20:48:46.0417 5428 SymNetS - ok 20:48:46.0480 5428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:48:46.0542 5428 SysMain - ok 20:48:46.0558 5428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:48:46.0589 5428 TabletInputService - ok 20:48:46.0589 5428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:48:46.0651 5428 TapiSrv - ok 20:48:46.0682 5428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:48:46.0714 5428 TBS - ok 20:48:46.0760 5428 [ 
F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:48:46.0823 5428 Tcpip - ok 20:48:46.0838 5428 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:48:46.0870 5428 TCPIP6 - ok 20:48:46.0885 5428 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:48:46.0932 5428 tcpipreg - ok 20:48:46.0948 5428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:48:46.0963 5428 TDPIPE - ok 20:48:46.0994 5428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:48:47.0026 5428 TDTCP - ok 20:48:47.0041 5428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:48:47.0072 5428 tdx - ok 20:48:47.0088 5428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:48:47.0104 5428 TermDD - ok 20:48:47.0135 5428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:48:47.0182 5428 TermService - ok 20:48:47.0182 5428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:48:47.0213 5428 Themes - ok 20:48:47.0244 5428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:48:47.0275 5428 THREADORDER - ok 20:48:47.0291 5428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:48:47.0353 5428 TrkWks - ok 20:48:47.0400 5428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:48:47.0525 5428 TrustedInstaller - ok 20:48:47.0556 5428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:48:47.0618 5428 tssecsrv - ok 20:48:47.0634 5428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:48:47.0696 5428 TsUsbFlt - ok 20:48:47.0696 5428 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:48:47.0728 5428 TsUsbGD - ok 
20:48:47.0759 5428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:48:47.0821 5428 tunnel - ok 20:48:47.0852 5428 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 20:48:47.0852 5428 TurboB - ok 20:48:47.0930 5428 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 20:48:47.0962 5428 TurboBoost - ok 20:48:47.0962 5428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:48:47.0977 5428 uagp35 - ok 20:48:48.0008 5428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:48:48.0071 5428 udfs - ok 20:48:48.0102 5428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:48:48.0133 5428 UI0Detect - ok 20:48:48.0180 5428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:48:48.0211 5428 uliagpkx - ok 20:48:48.0242 5428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:48:48.0258 5428 umbus - ok 20:48:48.0289 5428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:48:48.0320 5428 UmPass - ok 20:48:48.0352 5428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:48:48.0414 5428 upnphost - ok 20:48:48.0461 5428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:48:48.0523 5428 usbccgp - ok 20:48:48.0554 5428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:48:48.0617 5428 usbcir - ok 20:48:48.0648 5428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:48:48.0664 5428 usbehci - ok 20:48:48.0695 5428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:48:48.0726 5428 usbhub - ok 20:48:48.0742 5428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:48:48.0757 
5428 usbohci - ok 20:48:48.0757 5428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:48:48.0804 5428 usbprint - ok 20:48:48.0820 5428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:48:48.0882 5428 USBSTOR - ok 20:48:48.0913 5428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:48:48.0960 5428 usbuhci - ok 20:48:49.0007 5428 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:48:49.0022 5428 usbvideo - ok 20:48:49.0054 5428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:48:49.0100 5428 UxSms - ok 20:48:49.0116 5428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:48:49.0132 5428 VaultSvc - ok 20:48:49.0194 5428 [ BA20A718E25228B9D69D72E4F19EDEB5 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 20:48:49.0225 5428 VBoxDrv - ok 20:48:49.0288 5428 [ 48630B4530C80AAF3DDE9633E4291D8C ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 20:48:49.0303 5428 VBoxNetAdp - ok 20:48:49.0350 5428 [ 8B86A00D13E2DCBFE320061F3435FAFF ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 20:48:49.0381 5428 VBoxNetFlt - ok 20:48:49.0428 5428 [ CEC73CEA22B7258C0A8F2354DC49D25C ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 20:48:49.0444 5428 VBoxUSBMon - ok 20:48:49.0459 5428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:48:49.0475 5428 vdrvroot - ok 20:48:49.0506 5428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:48:49.0553 5428 vds - ok 20:48:49.0568 5428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:48:49.0584 5428 vga - ok 20:48:49.0600 5428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:48:49.0631 5428 VgaSave - ok 20:48:49.0631 5428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp 
C:\Windows\system32\drivers\vhdmp.sys 20:48:49.0646 5428 vhdmp - ok 20:48:49.0646 5428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:48:49.0646 5428 viaide - ok 20:48:49.0678 5428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:48:49.0678 5428 volmgr - ok 20:48:49.0693 5428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:48:49.0693 5428 volmgrx - ok 20:48:49.0724 5428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:48:49.0740 5428 volsnap - ok 20:48:49.0771 5428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:48:49.0787 5428 vsmraid - ok 20:48:49.0849 5428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:48:49.0974 5428 VSS - ok 20:48:49.0990 5428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:48:50.0021 5428 vwifibus - ok 20:48:50.0036 5428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:48:50.0068 5428 vwififlt - ok 20:48:50.0099 5428 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:48:50.0146 5428 vwifimp - ok 20:48:50.0192 5428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:48:50.0270 5428 W32Time - ok 20:48:50.0286 5428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:48:50.0333 5428 WacomPen - ok 20:48:50.0364 5428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:48:50.0426 5428 WANARP - ok 20:48:50.0442 5428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:48:50.0458 5428 Wanarpv6 - ok 20:48:50.0536 5428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:48:50.0598 5428 WatAdminSvc - ok 20:48:50.0660 5428 [ 
78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:48:50.0754 5428 wbengine - ok 20:48:50.0754 5428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:48:50.0785 5428 WbioSrvc - ok 20:48:50.0785 5428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:48:50.0832 5428 wcncsvc - ok 20:48:50.0848 5428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:48:50.0894 5428 WcsPlugInService - ok 20:48:50.0926 5428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 20:48:50.0941 5428 Wd - ok 20:48:50.0957 5428 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:48:50.0988 5428 Wdf01000 - ok 20:48:51.0019 5428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:48:51.0175 5428 WdiServiceHost - ok 20:48:51.0175 5428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:48:51.0206 5428 WdiSystemHost - ok 20:48:51.0222 5428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:48:51.0253 5428 WebClient - ok 20:48:51.0253 5428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:48:51.0300 5428 Wecsvc - ok 20:48:51.0316 5428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:48:51.0347 5428 wercplsupport - ok 20:48:51.0378 5428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:48:51.0425 5428 WerSvc - ok 20:48:51.0440 5428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:48:51.0472 5428 WfpLwf - ok 20:48:51.0534 5428 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 20:48:51.0581 5428 WimFltr - ok 20:48:51.0596 5428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:48:51.0612 5428 WIMMount - ok 
20:48:51.0628 5428 WinDefend - ok 20:48:51.0643 5428 WinHttpAutoProxySvc - ok 20:48:51.0706 5428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:48:51.0784 5428 Winmgmt - ok 20:48:51.0862 5428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:48:51.0971 5428 WinRM - ok 20:48:52.0033 5428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:48:52.0080 5428 WinUsb - ok 20:48:52.0111 5428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:48:52.0174 5428 Wlansvc - ok 20:48:52.0205 5428 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:48:52.0220 5428 wlcrasvc - ok 20:48:52.0361 5428 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:48:52.0439 5428 wlidsvc - ok 20:48:52.0470 5428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:48:52.0501 5428 WmiAcpi - ok 20:48:52.0517 5428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:48:52.0548 5428 wmiApSrv - ok 20:48:52.0579 5428 WMPNetworkSvc - ok 20:48:52.0595 5428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:48:52.0642 5428 WPCSvc - ok 20:48:52.0657 5428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:48:52.0688 5428 WPDBusEnum - ok 20:48:52.0704 5428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:48:52.0766 5428 ws2ifsl - ok 20:48:52.0782 5428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:48:52.0813 5428 wscsvc - ok 20:48:52.0813 5428 WSearch - ok 20:48:52.0891 5428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:48:53.0000 5428 wuauserv - ok 20:48:53.0000 5428 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf 
C:\Windows\system32\drivers\WudfPf.sys 20:48:53.0047 5428 WudfPf - ok 20:48:53.0094 5428 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:48:53.0141 5428 WUDFRd - ok 20:48:53.0172 5428 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:48:53.0234 5428 wudfsvc - ok 20:48:53.0250 5428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:48:53.0281 5428 WwanSvc - ok 20:48:53.0359 5428 ================ Scan global =============================== 20:48:53.0390 5428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:48:53.0422 5428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 20:48:53.0437 5428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 20:48:53.0484 5428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:48:53.0515 5428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:48:53.0531 5428 [Global] - ok 20:48:53.0531 5428 ================ Scan MBR ================================== 20:48:53.0546 5428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:48:54.0077 5428 \Device\Harddisk0\DR0 - ok 20:48:54.0077 5428 ================ Scan VBR ================================== 20:48:54.0077 5428 [ BF59654C36CBDF50B9E7154162CEAD4A ] \Device\Harddisk0\DR0\Partition1 20:48:54.0077 5428 \Device\Harddisk0\DR0\Partition1 - ok 20:48:54.0108 5428 [ B262BD1D32DB63179AA1134682B7239B ] \Device\Harddisk0\DR0\Partition2 20:48:54.0124 5428 \Device\Harddisk0\DR0\Partition2 - ok 20:48:54.0124 5428 ============================================================ 20:48:54.0124 5428 Scan finished 20:48:54.0124 5428 ============================================================ 20:48:54.0139 2036 Detected object count: 1 20:48:54.0139 2036 Actual detected object count: 1 20:49:06.0510 2036 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:49:06.0510 2036 IDriverT ( 
UnsignedFile.Multi.Generic ) - User select action: Skip |
16.10.2012, 10:07 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If you have problems starting applications after running Combofix and receive messages such as Quote:
16.10.2012, 16:21 | #22 |
| Austrian Police Virus Hello, the ComboFix.txt: Code:
ComboFix 12-10-16.02 - Michael 16.10.2012 16:57:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.6055.4204 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\programdata\ssrsc.pad
c:\users\Public\sdelevURL.tmp
c:\windows\iun6002.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\tmp7D69.tmp
c:\windows\SysWow64\tmp7D89.tmp
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-16 bis 2012-10-16 ))))))))))))))))))))))))))))))
.
.
2012-10-13 20:51 . 2012-10-13 20:51 -------- d-----w- c:\program files (x86)\ESET
2012-10-12 21:11 . 2012-10-12 21:11 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2012-10-12 21:11 . 2012-10-12 21:11 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 21:10 . 2012-10-12 21:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-12 21:10 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 20:52 . 2012-10-12 21:00 -------- d-----w- c:\users\Michael\AppData\Local\NPE
2012-10-02 06:22 . 2012-10-16 06:00 -------- d-----w- c:\windows\system32\drivers\NISx64\1309000.009
2012-09-26 13:04 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 07:22 . 2012-09-26 07:22 -------- d-----w- c:\users\Michael\AppData\Roaming\IsolatedStorage
2012-09-26 07:22 . 2012-09-26 07:22 -------- d-----w- c:\users\Michael\AppData\Roaming\Accelrys
2012-09-25 06:21 . 2012-09-25 06:21 -------- d-----w- c:\users\Michael\AppData\Local\Axialis
2012-09-23 17:42 . 2012-09-23 17:42 -------- d-----w- c:\users\Michael\AppData\Local\Macromedia
2012-09-22 20:11 . 2012-09-22 20:11 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-22 20:11 . 2012-09-22 20:11 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-21 19:02 . 2012-09-21 19:02 -------- d-----w- c:\users\Michael\AppData\Roaming\SynthMaker
2012-09-17 20:52 . 2012-09-17 20:52 -------- d-----w- c:\users\Michael\AppData\Roaming\XRay Engine
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 15:07 . 2011-12-24 20:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-10-05 07:47 . 2011-12-25 12:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-22 20:11 . 2012-01-03 10:57 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-22 20:11 . 2012-08-03 15:23 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 20:11 . 2012-01-03 10:57 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-22 20:11 . 2012-01-03 10:57 188904 ----a-w- c:\windows\system32\java.exe
2012-09-22 20:10 . 2012-03-30 18:54 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 20:10 . 2012-01-01 15:34 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-12 19:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 19:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 19:07 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 19:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 23:01 . 2012-05-08 18:00 405152 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-20 17:38 . 2012-10-10 18:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 19:07 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 19:07 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-26 16:37 . 2012-01-05 19:09 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-26 16:37 . 2012-01-05 19:06 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-25 13:55 . 2012-01-05 19:06 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-22 12:33 . 2012-01-05 19:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-21 21:46 . 2012-07-21 21:58 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-18 18:15 . 2012-08-15 18:46 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-10-01 640376]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-29 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121012.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor
driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344] S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 08:50] . 2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 08:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "EvtMgr6"="d:\program files (x86)\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 10.1.8.1:3128 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ryzkgqji.default\ FF - prefs.js: browser.startup.homepage - http:/www.google.at FF - ExtSQL: 2012-08-22 20:29; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ryzkgqji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd AddRemove-BattlEye A2 Free - d:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe AddRemove-Super Mario World Flash - d:\program files (x86)\Super Mario World Flash\Uninstal.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1167183996-2461493483-177166186-1001\Software\SecuROM\License information*] "datasecu"=hex:27,12,e3,d2,eb,ae,79,25,40,39,05,f6,54,78,6c,20,e0,cc,c7,fe,5e, 72,bc,5f,58,c5,14,2d,0b,b1,03,b7,1a,95,72,4f,8b,8f,9a,ca,8c,a6,86,1a,7d,9f,\ "rkeysecu"=hex:b2,c9,d4,f2,4a,e0,30,36,b6,2d,cc,15,3a,7d,91,e9 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-16 17:13:05 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-16 15:13 . Vor Suchlauf: 11 Verzeichnis(se), 196.720.881.664 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 198.358.237.184 Bytes frei . - - End Of File - - FFD52474B620A1CF700DE9F51B7D2712 |
17.10.2012, 12:42 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus

Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.

__________________ Please always post log files in CODE tags |
19.10.2012, 16:26 | #24 |
| Austrian Police Virus Hello, the logs from GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-19 16:57:53 Windows 6.1.7601 Service Pack 1 Running: 3r79lg31.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507fd5 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507fd5@10b7f6006bdd 0xBB 0x77 0x31 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507fd5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507fd5@10b7f6006bdd 0xBB 0x77 0x31 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:03:42 on 19.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys "ATKWMIACPI Driver" (ATKWMIACPIIO) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys "BHDrvx64" (BHDrvx64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "EagleX64" (EagleX64) - ? 
- C:\Windows\system32\drivers\EagleX64.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "IDSVia64" (IDSVia64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121018.001\IDSvia64.sys "NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121018.021\ENG64.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121018.021\EX64.SYS "Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1309000.009\SYMDS64.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1309000.009\SYMEFA64.SYS "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS "Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS "Symantec Real Time Storage Protection (PEL) x64" 
(SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS "Symantec Real Time Storage Protection x64" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT64x86.SYS "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." 
- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? 
- (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." 
- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll Locked "Locked" - ? - (File not found | COM-object registry key not found) {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." 
- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL {11111111-1111-1111-1111-110011041198} "RewardsArcade" - ? - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (File not found) {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "AsusVibeLauncher.lnk" - ? - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (Shortcut exists | File exists) "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ASUSPRP" - "ASUSTek Computer Inc." - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "ASUSWebStorage" - "ecareme" - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S "ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe "ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe "HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe "Nuance PDF Reader-reminder" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" "SonicMasterTray" - "Virage Logic Corporation / Sonic Focus" - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe "UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "Wireless Console 3" - ? 
- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe "ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "Intel(R) Turbo Boost Technology Monitor" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "PnkBstrA" (PnkBstrA) - ? 
- C:\Windows\system32\PnkBstrA.exe (File not found) "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-19 17:19:02
-----------------------------
17:19:02.654 OS Version: Windows x64 6.1.7601 Service Pack 1
17:19:02.654 Number of processors: 4 586 0x2A07
17:19:02.654 ComputerName: MICHAEL_LAPTOP UserName: Michael
17:19:04.004 Initialize success
17:19:10.024 AVAST engine defs: 12101900
17:19:14.444 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:19:14.444 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
17:19:14.474 Disk 0 MBR read successfully
17:19:14.474 Disk 0 MBR scan
17:19:14.484 Disk 0 Windows 7 default MBR code
17:19:14.484 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
17:19:14.504 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
17:19:14.534 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
17:19:14.574 Disk 0 scanning C:\Windows\system32\drivers
17:19:25.394 Service scanning
17:19:53.905 Modules scanning
17:19:53.915 Disk 0 trace - called modules:
17:19:53.965 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:19:53.985 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800691e060]
17:19:53.995 3 CLASSPNP.SYS[fffff88000fad43f] -> nt!IofCallDriver -> [0xfffffa80062d6e40]
17:19:54.005 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062da050]
17:19:54.015 Scan finished successfully
17:21:27.869 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
17:21:27.869 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt" |
21.10.2012, 10:25 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
21.10.2012, 18:55 | #26 |
| Austrian Police Virus Hello, here are the logs from Anti-Malware: Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.10.21.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL_LAPTOP [Administrator]
21.10.2012 12:53:30
mbam-log-2012-10-21 (12-53-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 514985
Laufzeit: 2 Stunde(n), 14 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/21/2012 at 07:51 PM
Application Version : 5.6.1012
Core Rules Database Version : 9446
Trace Rules Database Version: 7258
Scan type : Complete Scan
Total Scan Time : 02:30:20
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 736
Memory threats detected : 0
Registry items scanned : 78510
Registry threats detected : 0
File items scanned : 276465
File threats detected : 455
Adware.Tracking Cookie
Cookie:michael@otclick-adv.ru/core ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2K6LVPNV.txt [ Cookie:michael@stats.vertriebsassistent.de/track/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UUGGGMKJ.txt [ Cookie:michael@clkads.com/adServe/banners ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SDBDZG47.txt [ Cookie:michael@tracking.affiliates.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AGFV57CE.txt [ Cookie:michael@accounts.google.com/o ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3AUZK03X.txt [ Cookie:michael@tracking1.aleadpay.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1V432U0.txt [ Cookie:michael@banner.lv.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BN1404JE.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1051120015/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2GS2A9TJ.txt [ Cookie:michael@eas3.emediate.se/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K98VY2KI.txt [ Cookie:michael@adformdsp.net/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJUZH4VF.txt [ Cookie:michael@rts.pgmediaserve.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\J65UK39K.txt [ Cookie:michael@geoadserving.coffeetree.info/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8M8X1MX5.txt [ Cookie:michael@optimize.indieclick.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\60AB8QJX.txt [ Cookie:michael@stats.yme.com/dcsmm6y3q0000004zhgx8uuaa_9g7g ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7E1VURBJ.txt [ Cookie:michael@adinterax.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\11283MHM.txt [ Cookie:michael@e-2dj6wjnygpcjmco.stats.esomniture.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K4O5LHGO.txt [ Cookie:michael@moviepilot.de/ ] 
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\P1F0BNU1.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1072534660/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\G060V2Z3.txt [ Cookie:michael@adserver.yopi.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3IJVYMGF.txt [ Cookie:michael@www.nextag.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PSZ1CE8K.txt [ Cookie:michael@cnzz.mmstat.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1DZTBVKE.txt [ Cookie:michael@fr.sitestat.com/eurosport/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AR1RL29P.txt [ Cookie:michael@mmstat.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SFBYOA1Z.txt [ Cookie:michael@rihannanudesextape.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZFYJGR12.txt [ Cookie:michael@openx.mediasense.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DT8V8Q5E.txt [ Cookie:michael@mediathek.daserste.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NLGPK9D6.txt [ Cookie:michael@imagevenue.advertserve.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDLIHOUS.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1016525333/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1PTH4VA.txt [ Cookie:michael@fr.sitestat.com/eurosport/yahoode/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XSAMFFFE.txt [ Cookie:michael@nextag.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\05FWVCFY.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1067886644/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3LISDWIP.txt [ Cookie:michael@a.intentmedia.net/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9MYX3QUT.txt [ Cookie:michael@adserver.sevenload.com/ ] 
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCPQU8DZ.txt [ Cookie:michael@urbia.wwe-media.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K50JV85F.txt [ Cookie:michael@adserver.fotografie.at/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NY50JQPC.txt [ Cookie:michael@www.maxfunadserver.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VKX48SX.txt [ Cookie:michael@www.clickclickclick.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW0QBEU1.txt [ Cookie:michael@ads1.vtxnet.ch/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQ6FD9EH.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1072182529/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\QGCE2IGF.txt [ Cookie:michael@banner.electronic-arts.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLH6V5JO.txt [ Cookie:michael@advert.uloz.to/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BQWHEVYA.txt [ Cookie:michael@in.mydirtyhobby.com/track/PXkVAGAU/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X8S3W0A3.txt [ Cookie:michael@elitegamers.biz/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUPAI3NH.txt [ Cookie:michael@adx2.chip.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DGTFMB3X.txt [ Cookie:michael@geoadserve2.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1BKZGWD.txt [ Cookie:michael@banners.gossipcenter.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3VE61NC.txt [ Cookie:michael@impactmedia.at/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FR4P4UL.txt [ Cookie:michael@eas5.emediate.eu/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4OU3YQ8.txt [ Cookie:michael@intext.billboard.cz/core/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\300TDZHO.txt [ 
Cookie:michael@questions.technicpack.net/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BQYUT13C.txt [ Cookie:michael@nfm-adserver.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YSWIYRW.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1072426157/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4UGEWEV8.txt [ Cookie:michael@de.sitestat.com/otto-eu/at/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XA39U005.txt [ Cookie:michael@adserver.directcorp.de/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8PR2QCOV.txt [ Cookie:michael@commons.wikimedia.org/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5W6ZF77.txt [ Cookie:michael@7.rotator.trafficbee.com/ ] C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ISMY4AM.txt [ Cookie:michael@1click-downloader.net/ ] C:\USERS\MICHAEL\Cookies\BL6DTI43.txt [ Cookie:michael@mediaplex.com/ ] C:\USERS\MICHAEL\Cookies\9NMH1IEG.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1057167729/ ] C:\USERS\MICHAEL\Cookies\0EEIE6KF.txt [ Cookie:michael@maniahome.trackmania.com/add/ ] C:\USERS\MICHAEL\Cookies\M39TWQC9.txt [ Cookie:michael@invitemedia.com/ ] C:\USERS\MICHAEL\Cookies\G0CQXWS3.txt [ Cookie:michael@webmasterplan.com/ ] C:\USERS\MICHAEL\Cookies\VTFDZPN4.txt [ Cookie:michael@clkads.com/adServe ] C:\USERS\MICHAEL\Cookies\UXCDXTWE.txt [ Cookie:michael@tomtailor.dyntracker.com/ ] C:\USERS\MICHAEL\Cookies\EUDB5TL4.txt [ Cookie:michael@ad.zanox.com/ ] C:\USERS\MICHAEL\Cookies\POTN7Y2Q.txt [ Cookie:michael@server.adformdsp.net/ ] C:\USERS\MICHAEL\Cookies\RWJOSV28.txt [ Cookie:michael@amazon-adsystem.com/ ] C:\USERS\MICHAEL\Cookies\NY7ERHHV.txt [ Cookie:michael@kontera.com/ ] C:\USERS\MICHAEL\Cookies\LSB0ABZB.txt [ Cookie:michael@doubleclick.net/ ] C:\USERS\MICHAEL\Cookies\7OL4QH9Q.txt [ Cookie:michael@clkads.com/adServe/banners ] C:\USERS\MICHAEL\Cookies\KURUULJD.txt [ 
Cookie:michael@zanox.com/ ] C:\USERS\MICHAEL\Cookies\michael@account.norton[1].txt [ Cookie:michael@account.norton.com/ ] C:\USERS\MICHAEL\Cookies\HV1TIPD6.txt [ Cookie:michael@imrworldwide.com/cgi-bin ] C:\USERS\MICHAEL\Cookies\VK28BY8P.txt [ Cookie:michael@splash.trackmania.com/display/ ] C:\USERS\MICHAEL\Cookies\DAY831QQ.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1002072985/ ] C:\USERS\MICHAEL\Cookies\VODTAUW0.txt [ Cookie:michael@ads2.net2day.de/ ] C:\USERS\MICHAEL\Cookies\YF97G5K5.txt [ Cookie:michael@im.banner.t-online.de/ ] C:\USERS\MICHAEL\Cookies\NP2Q8SID.txt [ Cookie:michael@serving-sys.com/ ] C:\USERS\MICHAEL\Cookies\YJ5K41IP.txt [ Cookie:michael@ad1.adfarm1.adition.com/ ] C:\USERS\MICHAEL\Cookies\OD17Z7D9.txt [ Cookie:michael@ad3.adfarm1.adition.com/ ] C:\USERS\MICHAEL\Cookies\K3UKPOTW.txt [ Cookie:michael@explore.trackmania.com/ ] C:\USERS\MICHAEL\Cookies\53090Q7V.txt [ Cookie:michael@maniapub.trackmania.com/banner/click/ ] C:\USERS\MICHAEL\Cookies\5DE4BX2O.txt [ Cookie:michael@ad.adnet.de/ ] C:\USERS\MICHAEL\Cookies\M92YTIHR.txt [ Cookie:michael@maniahome.trackmania.com/ ] C:\USERS\MICHAEL\Cookies\P0V9N68V.txt [ Cookie:michael@adform.net/ ] C:\USERS\MICHAEL\Cookies\006701U5.txt [ Cookie:michael@7.rotator.wigetmedia.com/ ] C:\USERS\MICHAEL\Cookies\DXJ2RQA2.txt [ Cookie:michael@accounts.google.com/ ] C:\USERS\MICHAEL\Cookies\T0U4QJPY.txt [ Cookie:michael@track.adform.net/ ] C:\USERS\MICHAEL\Cookies\FH2GHZ1D.txt [ Cookie:michael@elitegamers.biz/ ] C:\USERS\MICHAEL\Cookies\P09LXLMT.txt [ Cookie:michael@adformdsp.net/ ] C:\USERS\MICHAEL\Cookies\NG9P4NNK.txt [ Cookie:michael@atdmt.com/ ] C:\USERS\MICHAEL\Cookies\9652Q7NF.txt [ Cookie:michael@adx2.chip.de/ ] C:\USERS\MICHAEL\Cookies\7HBXPJTI.txt [ Cookie:michael@bs.serving-sys.com/ ] C:\USERS\MICHAEL\Cookies\UUSH7O8P.txt [ Cookie:michael@eas.apm.emediate.eu/ ] C:\USERS\MICHAEL\Cookies\2EXLPLIS.txt [ Cookie:michael@adbrite.com/ ] C:\USERS\MICHAEL\Cookies\OR57ZLHS.txt [ 
Cookie:michael@ads1.ministerial5.com/ ] C:\USERS\MICHAEL\Cookies\IH8YKUAR.txt [ Cookie:michael@fastclick.net/ ] C:\USERS\MICHAEL\Cookies\TSUVEBEC.txt [ Cookie:michael@etargetnet.com/ ] C:\USERS\MICHAEL\Cookies\V4PXD7JB.txt [ Cookie:michael@adserver.directcorp.de/ ] C:\USERS\MICHAEL\Cookies\JZK6VABB.txt [ Cookie:michael@lucidmedia.com/ ] C:\USERS\MICHAEL\Cookies\LEONZAX8.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1036980325/ ] C:\USERS\MICHAEL\Cookies\L52G1YN3.txt [ Cookie:michael@c.atdmt.com/ ] C:\USERS\MICHAEL\Cookies\PEPBQ6A3.txt [ Cookie:michael@zanox-affiliate.de/ ] C:\USERS\MICHAEL\Cookies\BBZGQ4RU.txt [ Cookie:michael@xiti.com/ ] C:\USERS\MICHAEL\Cookies\HFT2SS37.txt [ Cookie:michael@yadro.ru/ ] C:\USERS\MICHAEL\Cookies\APVW7DQ1.txt [ Cookie:michael@daimlerag.122.2o7.net/ ] C:\USERS\MICHAEL\Cookies\GAA4RWCZ.txt [ Cookie:michael@casalemedia.com/ ] C:\USERS\MICHAEL\Cookies\H22AM08G.txt [ Cookie:michael@apmebf.com/ ] C:\USERS\MICHAEL\Cookies\Z5OJKVUB.txt [ Cookie:michael@adfarm1.adition.com/ ] C:\USERS\MICHAEL\Cookies\LSZ7G23U.txt [ Cookie:michael@eas4.emediate.eu/ ] C:\USERS\MICHAEL\Cookies\MVLYVPJR.txt [ Cookie:michael@advertising.com/ ] C:\USERS\MICHAEL\Cookies\V18SOPVX.txt [ Cookie:michael@de.sitestat.com/otto-eu/at/ ] C:\USERS\MICHAEL\Cookies\AEES0WBQ.txt [ Cookie:michael@tradedoubler.com/ ] C:\USERS\MICHAEL\Cookies\LO0WWLJF.txt [ Cookie:michael@server.adform.net/ ] C:\USERS\MICHAEL\Cookies\UM7JRV9U.txt [ Cookie:michael@adxpose.com/ ] 149.memecounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] account.goodgamestudios.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] ad.adverticum.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] aka-cdn-ns.adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] cdnx.tribalfusion.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH 
PLAYER\#SHAREDOBJECTS\246X3C2Q ] core.saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] delivery.ibanner.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] ds.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] ia.media-imdb.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] images.newmedia.lu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] imagesrv.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] macromedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] media.bose.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] media.kyte.tv [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] media.mtvnservices.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] media1.break.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] s0.2mdn.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] secure-us.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] track.webgains.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ 
C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] ads.saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ 
C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] in.getclicky.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .game-advertising-online.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .lucidmedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .flagcounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ 
C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] www.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] ad.dyntracker.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .tracker.vinsight.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ 
C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] zbox.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] teufel-media.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] tomtailor.dyntracker.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .histats.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .histats.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] imagevenue.advertserve.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] imagevenue.advertserve.com [ 
C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] ads.adultwebads.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ 
C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ] |
22.10.2012, 09:31 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus Looks OK, only cookies were found there, and they can all go. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). About cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want, and I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
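The hosts-file approach recommended in the post above matches exact hostnames only, which the following added example (not part of the original post, and not taken from the MVPS file) makes visible by checking a list of cookie hosts against a blocklist. All hostnames and the sample hosts file are constructed for illustration.

```python
# Added illustration: which cookie hosts does a hosts-file blocklist cover?
# All hostnames below are constructed (.example); none come from the thread.

# Addresses that blocklists point unwanted names at.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

SAMPLE_HOSTS = """\
# constructed sample in hosts-file format
127.0.0.1   localhost
0.0.0.0     tracker.example
0.0.0.0     ads.adnet.example banners.adnet.example   # several names per line
192.0.2.10  intranet.example                          # normal mapping, not a block
"""

# Constructed cookie hosts; a leading dot marks a domain cookie, as browsers list it.
SAMPLE_COOKIE_HOSTS = [
    "tracker.example",
    "pixel.tracker.example",
    ".adnet.example",
    "ads.adnet.example",
    "shop.example",
]


def parse_hosts(text):
    """Return the set of hostnames that the hosts file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        if address not in SINK_ADDRESSES:
            continue  # an ordinary name-to-address mapping
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def classify(host, blocked):
    """Classify one cookie host against the blocked set.

    'blocked'            - this exact hostname is sinkholed
    'parent-listed-only' - only a parent domain is listed; the hosts file does
                           not cover subdomains, so this host still resolves
    'not-listed'         - neither the host nor a parent domain is listed
    """
    host = host.lower().strip(".")
    if host in blocked:
        return "blocked"
    labels = host.split(".")
    # Walk up the parent domains, stopping before the bare top-level label.
    for i in range(1, len(labels) - 1):
        if ".".join(labels[i:]) in blocked:
            return "parent-listed-only"
    return "not-listed"


def coverage(hosts_text, cookie_hosts):
    """Map every cookie host to its classification."""
    blocked = parse_hosts(hosts_text)
    return {host: classify(host, blocked) for host in cookie_hosts}


if __name__ == "__main__":
    for host, status in coverage(SAMPLE_HOSTS, SAMPLE_COOKIE_HOSTS).items():
        print(f"{host:25} {status}")
```

Hosts reported as parent-listed-only are the ones a blocklist appears to cover but does not, which is why such lists enumerate every subdomain separately.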
22.10.2012, 12:28 | #28 |
| Austrian Police Virus Hello, I will still take a look at the cookie matter. In principle, though, the advertising doesn't really bother me. I can now use the laptop normally again. However, I made a backup copy of my school files on my USB stick after the virus was on the laptop. Could there still be harmful data on the stick? |
22.10.2012, 12:36 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Austrian Police Virus Quote:
Disable AutoPlay. Windows XP: To make it easier I have uploaded noautoplay.reg. Download it to the desktop, run the file and confirm with yes. After a restart of the computer, AutoPlay (of media) is disabled on all drives, i.e. no CD, no stick or anything else starts automatically after being plugged in. Windows Vista/7: In the Control Panel, under AutoPlay of CDs and other media, disable everything. => see also Change AutoPlay settings. Then check the stick with a virus scanner of your choice. As is well known, there is no 100% security.
__________________ Please always post logfiles in CODE tags |
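To verify that AutoPlay really is off for all drive types after the step described in the post above, the added example below (not part of the original post) decodes the `NoDriveTypeAutoRun` policy value from a registry export. The contents of noautoplay.reg are not shown in the thread, so the exports here are constructed samples, and the use of this value and the 0x91 default are assumptions based on Microsoft's documentation of the policy.

```python
import re

# Added illustration; the registry exports below are constructed samples.
# Real `reg export` files are UTF-16 and must be decoded before parsing.

# Policy key (under HKLM or HKCU) that holds the AutoPlay drive-type mask.
POLICY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\explorer"
VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=dword:([0-9a-f]{8})$', re.IGNORECASE)

# A set bit switches AutoPlay off for that drive type; 0xFF covers all of them.
DRIVE_TYPE_BITS = {
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}
# Assumption: mask Windows applies when the value is absent (XP and later).
DEFAULT_MASK = 0x91

BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"""

MIXED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""


def parse_reg_export(text):
    """Return {hive: mask} for NoDriveTypeAutoRun values under the policy key."""
    masks = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the following values belong to
            continue
        match = VALUE_RE.match(line)
        if match and key and key.lower().endswith(POLICY_KEY_SUFFIX):
            hive = key.split("\\", 1)[0].upper()
            masks[hive] = int(match.group(1), 16)
    return masks


def effective_mask(masks):
    """Pick the mask that applies: a machine-wide (HKLM) value overrides HKCU."""
    if "HKEY_LOCAL_MACHINE" in masks:
        return masks["HKEY_LOCAL_MACHINE"]
    return masks.get("HKEY_CURRENT_USER", DEFAULT_MASK)


def autoplay_still_enabled(mask):
    """List the drive types for which AutoPlay is NOT switched off by the mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def audit(text):
    """Return (effective mask, drive types that still auto-play) for an export."""
    mask = effective_mask(parse_reg_export(text))
    return mask, autoplay_still_enabled(mask)


if __name__ == "__main__":
    for label, export in (("before", BEFORE), ("after", AFTER), ("mixed", MIXED)):
        mask, enabled = audit(export)
        print(f"{label}: mask=0x{mask:02X} still enabled for: {enabled or 'nothing'}")
```

An empty list means a freshly inserted stick or disc no longer starts anything on its own; scanning the stick, as the post says, is still needed.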
22.10.2012, 16:01 | #30 |
| Austrian Police Virus Hello, I have just scanned the stick with Anti-Malware; no infected files were found. Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.21.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michael :: MICHAEL_LAPTOP [Administrator] 22.10.2012 16:56:09 mbam-log-2012-10-22 (16-56-09).txt Art des Suchlaufs: Vollständiger Suchlauf (G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 249472 Laufzeit: 3 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |