| |
| |||||||
Log-Analyse und Auswertung: Windowssystem gesperrt, Malwarebytes ausgeführtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.03.2012, 11:42
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windowssystem gesperrt, Malwarebytes ausgeführt Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2012, 16:08
| #17 |
 | Windowssystem gesperrt, Malwarebytes ausgeführt Hier das Log-File:
__________________Code:
ATTFilter 16:02:42.0293 4592 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:02:42.0449 4592 ============================================================
16:02:42.0449 4592 Current date / time: 2012/03/22 16:02:42.0449
16:02:42.0449 4592 SystemInfo:
16:02:42.0449 4592
16:02:42.0449 4592 OS Version: 6.1.7601 ServicePack: 1.0
16:02:42.0449 4592 Product type: Workstation
16:02:42.0449 4592 ComputerName: SARA-PC
16:02:42.0449 4592 UserName: Administrator
16:02:42.0449 4592 Windows directory: C:\windows
16:02:42.0449 4592 System windows directory: C:\windows
16:02:42.0449 4592 Running under WOW64
16:02:42.0449 4592 Processor architecture: Intel x64
16:02:42.0449 4592 Number of processors: 2
16:02:42.0449 4592 Page size: 0x1000
16:02:42.0449 4592 Boot type: Normal boot
16:02:42.0449 4592 ============================================================
16:02:44.0197 4592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:02:44.0212 4592 \Device\Harddisk0\DR0:
16:02:44.0212 4592 MBR used
16:02:44.0212 4592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:02:44.0212 4592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
16:02:44.0228 4592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
16:02:44.0415 4592 Initialize success
16:02:44.0415 4592 ============================================================
16:03:38.0843 4480 ============================================================
16:03:38.0843 4480 Scan started
16:03:38.0843 4480 Mode: Manual; SigCheck; TDLFS;
16:03:38.0843 4480 ============================================================
16:03:39.0374 4480 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:03:39.0577 4480 1394ohci - ok
16:03:39.0733 4480 acedrv07 (6e9c8b324980afe454c6f7762e2b4478) C:\windows\system32\drivers\acedrv07.sys
16:03:39.0748 4480 acedrv07 ( UnsignedFile.Multi.Generic ) - warning
16:03:39.0748 4480 acedrv07 - detected UnsignedFile.Multi.Generic (1)
16:03:39.0857 4480 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:03:39.0889 4480 ACPI - ok
16:03:39.0951 4480 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:03:40.0045 4480 AcpiPmi - ok
16:03:40.0154 4480 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
16:03:40.0232 4480 ACPIVPC - ok
16:03:40.0357 4480 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
16:03:40.0388 4480 adp94xx - ok
16:03:40.0513 4480 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
16:03:40.0544 4480 adpahci - ok
16:03:40.0591 4480 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
16:03:40.0606 4480 adpu320 - ok
16:03:40.0684 4480 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:03:40.0840 4480 AeLookupSvc - ok
16:03:40.0965 4480 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
16:03:41.0043 4480 AFD - ok
16:03:41.0137 4480 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
16:03:41.0168 4480 agp440 - ok
16:03:41.0230 4480 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:03:41.0308 4480 ALG - ok
16:03:41.0433 4480 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
16:03:41.0449 4480 aliide - ok
16:03:41.0558 4480 AMD External Events Utility (e47d00b8d7d0081eeac333041660bcfb) C:\windows\system32\atiesrxx.exe
16:03:41.0636 4480 AMD External Events Utility - ok
16:03:41.0823 4480 AMD FUEL Service - ok
16:03:41.0870 4480 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
16:03:41.0886 4480 AMD Reservation Manager - ok
16:03:41.0995 4480 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
16:03:42.0010 4480 amdide - ok
16:03:42.0057 4480 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\windows\system32\DRIVERS\amdiox64.sys
16:03:42.0073 4480 amdiox64 - ok
16:03:42.0166 4480 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
16:03:42.0213 4480 AmdK8 - ok
16:03:42.0478 4480 amdkmdag (59e31f22450ba39d640ecc7e7ab720e4) C:\windows\system32\DRIVERS\atikmdag.sys
16:03:42.0775 4480 amdkmdag - ok
16:03:42.0868 4480 amdkmdap (d54e78d9166e27a833f6e6e325080960) C:\windows\system32\DRIVERS\atikmpag.sys
16:03:42.0915 4480 amdkmdap - ok
16:03:43.0040 4480 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:03:43.0071 4480 AmdPPM - ok
16:03:43.0165 4480 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:03:43.0196 4480 amdsata - ok
16:03:43.0321 4480 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
16:03:43.0336 4480 amdsbs - ok
16:03:43.0383 4480 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
16:03:43.0399 4480 amdxata - ok
16:03:43.0492 4480 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\windows\system32\DRIVERS\amd_sata.sys
16:03:43.0508 4480 amd_sata - ok
16:03:43.0524 4480 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\windows\system32\DRIVERS\amd_xata.sys
16:03:43.0539 4480 amd_xata - ok
16:03:43.0633 4480 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:03:43.0648 4480 AntiVirSchedulerService - ok
16:03:43.0758 4480 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:03:43.0789 4480 AntiVirService - ok
16:03:43.0960 4480 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
16:03:44.0132 4480 AppID - ok
16:03:44.0226 4480 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:03:44.0304 4480 AppIDSvc - ok
16:03:44.0413 4480 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
16:03:44.0475 4480 Appinfo - ok
16:03:44.0538 4480 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
16:03:44.0553 4480 arc - ok
16:03:44.0647 4480 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
16:03:44.0678 4480 arcsas - ok
16:03:44.0787 4480 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:03:44.0803 4480 aspnet_state - ok
16:03:44.0896 4480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:03:44.0990 4480 AsyncMac - ok
16:03:45.0115 4480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
16:03:45.0130 4480 atapi - ok
16:03:45.0224 4480 athr (782d36bad8ddbf008d02e055dbe70f82) C:\windows\system32\DRIVERS\athrx.sys
16:03:45.0333 4480 athr - ok
16:03:45.0489 4480 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:03:45.0598 4480 AudioEndpointBuilder - ok
16:03:45.0661 4480 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:03:45.0739 4480 AudioSrv - ok
16:03:45.0848 4480 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
16:03:45.0879 4480 avgntflt - ok
16:03:45.0988 4480 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\windows\system32\DRIVERS\avipbb.sys
16:03:46.0020 4480 avipbb - ok
16:03:46.0113 4480 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
16:03:46.0129 4480 avkmgr - ok
16:03:46.0238 4480 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
16:03:46.0316 4480 AxInstSV - ok
16:03:46.0456 4480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
16:03:46.0519 4480 b06bdrv - ok
16:03:46.0644 4480 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:03:46.0690 4480 b57nd60a - ok
16:03:46.0815 4480 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:03:46.0862 4480 BDESVC - ok
16:03:46.0971 4480 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:03:47.0049 4480 Beep - ok
16:03:47.0190 4480 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
16:03:47.0268 4480 BFE - ok
16:03:47.0408 4480 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
16:03:47.0517 4480 BITS - ok
16:03:47.0626 4480 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:03:47.0673 4480 blbdrive - ok
16:03:47.0798 4480 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
16:03:47.0845 4480 bowser - ok
16:03:47.0954 4480 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
16:03:47.0970 4480 BPntDrv - ok
16:03:48.0032 4480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:03:48.0126 4480 BrFiltLo - ok
16:03:48.0219 4480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:03:48.0250 4480 BrFiltUp - ok
16:03:48.0375 4480 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
16:03:48.0438 4480 Browser - ok
16:03:48.0547 4480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:03:48.0625 4480 Brserid - ok
16:03:48.0734 4480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:03:48.0765 4480 BrSerWdm - ok
16:03:48.0874 4480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:03:48.0937 4480 BrUsbMdm - ok
16:03:49.0030 4480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:03:49.0077 4480 BrUsbSer - ok
16:03:49.0186 4480 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
16:03:49.0249 4480 BthEnum - ok
16:03:49.0342 4480 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
16:03:49.0374 4480 BTHMODEM - ok
16:03:49.0467 4480 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
16:03:49.0514 4480 BthPan - ok
16:03:49.0639 4480 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
16:03:49.0701 4480 BTHPORT - ok
16:03:49.0795 4480 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:03:49.0873 4480 bthserv - ok
16:03:49.0935 4480 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
16:03:49.0982 4480 BTHUSB - ok
16:03:50.0107 4480 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:03:50.0200 4480 cdfs - ok
16:03:50.0310 4480 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
16:03:50.0341 4480 cdrom - ok
16:03:50.0450 4480 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:03:50.0544 4480 CertPropSvc - ok
16:03:50.0622 4480 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
16:03:50.0668 4480 circlass - ok
16:03:50.0762 4480 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:03:50.0793 4480 CLFS - ok
16:03:50.0902 4480 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:03:50.0918 4480 clr_optimization_v2.0.50727_32 - ok
16:03:50.0965 4480 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:03:50.0996 4480 clr_optimization_v2.0.50727_64 - ok
16:03:51.0121 4480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:03:51.0168 4480 clr_optimization_v4.0.30319_32 - ok
16:03:51.0277 4480 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:03:51.0324 4480 clr_optimization_v4.0.30319_64 - ok
16:03:51.0433 4480 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
16:03:51.0448 4480 clwvd - ok
16:03:51.0480 4480 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:03:51.0526 4480 CmBatt - ok
16:03:51.0604 4480 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
16:03:51.0636 4480 cmdide - ok
16:03:51.0698 4480 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
16:03:51.0745 4480 CNG - ok
16:03:51.0870 4480 CnxtHdAudService (a9078365cce6ddf02dd9e5a3591df1f5) C:\windows\system32\drivers\CHDRT64.sys
16:03:51.0932 4480 CnxtHdAudService - ok
16:03:52.0041 4480 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
16:03:52.0057 4480 Compbatt - ok
16:03:52.0119 4480 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
16:03:52.0150 4480 CompositeBus - ok
16:03:52.0213 4480 COMSysApp - ok
16:03:52.0291 4480 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
16:03:52.0306 4480 crcdisk - ok
16:03:52.0431 4480 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
16:03:52.0509 4480 CryptSvc - ok
16:03:52.0618 4480 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:03:52.0712 4480 DcomLaunch - ok
16:03:52.0790 4480 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:03:52.0884 4480 defragsvc - ok
16:03:52.0993 4480 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
16:03:53.0071 4480 DfsC - ok
16:03:53.0196 4480 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
16:03:53.0274 4480 Dhcp - ok
16:03:53.0336 4480 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:03:53.0430 4480 discache - ok
16:03:53.0523 4480 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
16:03:53.0554 4480 Disk - ok
16:03:53.0601 4480 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
16:03:53.0648 4480 Dnscache - ok
16:03:53.0742 4480 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
16:03:53.0835 4480 dot3svc - ok
16:03:53.0898 4480 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
16:03:53.0976 4480 DPS - ok
16:03:54.0069 4480 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:03:54.0116 4480 drmkaud - ok
16:03:54.0241 4480 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\windows\system32\DRIVERS\dtsoftbus01.sys
16:03:54.0256 4480 dtsoftbus01 - ok
16:03:54.0319 4480 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
16:03:54.0381 4480 DXGKrnl - ok
16:03:54.0475 4480 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:03:54.0553 4480 EapHost - ok
16:03:54.0678 4480 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
16:03:54.0834 4480 ebdrv - ok
16:03:54.0912 4480 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
16:03:54.0958 4480 EFS - ok
16:03:55.0052 4480 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
16:03:55.0161 4480 ehRecvr - ok
16:03:55.0224 4480 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:03:55.0255 4480 ehSched - ok
16:03:55.0348 4480 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
16:03:55.0380 4480 elxstor - ok
16:03:55.0489 4480 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
16:03:55.0520 4480 ErrDev - ok
16:03:55.0629 4480 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:03:55.0707 4480 EventSystem - ok
16:03:55.0770 4480 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:03:55.0848 4480 exfat - ok
16:03:55.0941 4480 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:03:56.0019 4480 fastfat - ok
16:03:56.0144 4480 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
16:03:56.0206 4480 Fax - ok
16:03:56.0316 4480 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
16:03:56.0331 4480 fbfmon - ok
16:03:56.0362 4480 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
16:03:56.0394 4480 fdc - ok
16:03:56.0456 4480 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:03:56.0550 4480 fdPHost - ok
16:03:56.0581 4480 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:03:56.0659 4480 FDResPub - ok
16:03:56.0752 4480 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:03:56.0768 4480 FileInfo - ok
16:03:56.0815 4480 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:03:56.0893 4480 Filetrace - ok
16:03:56.0971 4480 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
16:03:57.0002 4480 flpydisk - ok
16:03:57.0064 4480 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
16:03:57.0096 4480 FltMgr - ok
16:03:57.0174 4480 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
16:03:57.0252 4480 FontCache - ok
16:03:57.0376 4480 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:03:57.0392 4480 FontCache3.0.0.0 - ok
16:03:57.0454 4480 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:03:57.0470 4480 FsDepends - ok
16:03:57.0532 4480 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
16:03:57.0548 4480 Fs_Rec - ok
16:03:57.0626 4480 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
16:03:57.0657 4480 fvevol - ok
16:03:57.0766 4480 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
16:03:57.0782 4480 gagp30kx - ok
16:03:57.0860 4480 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
16:03:57.0954 4480 gpsvc - ok
16:03:58.0047 4480 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:03:58.0094 4480 hcw85cir - ok
16:03:58.0203 4480 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
16:03:58.0250 4480 HdAudAddService - ok
16:03:58.0375 4480 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
16:03:58.0437 4480 HDAudBus - ok
16:03:58.0468 4480 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
16:03:58.0500 4480 HidBatt - ok
16:03:58.0593 4480 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
16:03:58.0640 4480 HidBth - ok
16:03:58.0749 4480 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
16:03:58.0796 4480 HidIr - ok
16:03:58.0874 4480 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
16:03:58.0952 4480 hidserv - ok
16:03:59.0046 4480 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
16:03:59.0077 4480 HidUsb - ok
16:03:59.0155 4480 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
16:03:59.0233 4480 hkmsvc - ok
16:03:59.0358 4480 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
16:03:59.0420 4480 HomeGroupListener - ok
16:03:59.0467 4480 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
16:03:59.0514 4480 HomeGroupProvider - ok
16:03:59.0623 4480 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
16:03:59.0654 4480 HpSAMD - ok
16:03:59.0748 4480 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
16:03:59.0841 4480 HTTP - ok
16:03:59.0950 4480 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
16:03:59.0966 4480 hwpolicy - ok
16:04:00.0044 4480 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
16:04:00.0075 4480 i8042prt - ok
16:04:00.0169 4480 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
16:04:00.0200 4480 iaStorV - ok
16:04:00.0356 4480 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:04:00.0403 4480 idsvc - ok
16:04:00.0606 4480 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
16:04:00.0871 4480 igfx - ok
16:04:00.0996 4480 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
16:04:01.0027 4480 iirsp - ok
16:04:01.0105 4480 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
16:04:01.0198 4480 IKEEXT - ok
16:04:01.0323 4480 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
16:04:01.0339 4480 intelide - ok
16:04:01.0401 4480 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
16:04:01.0432 4480 intelppm - ok
16:04:01.0495 4480 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
16:04:01.0573 4480 IPBusEnum - ok
16:04:01.0635 4480 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:04:01.0729 4480 IpFilterDriver - ok
16:04:01.0822 4480 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
16:04:01.0900 4480 iphlpsvc - ok
16:04:02.0010 4480 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
16:04:02.0056 4480 IPMIDRV - ok
16:04:02.0088 4480 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:04:02.0166 4480 IPNAT - ok
16:04:02.0259 4480 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:04:02.0322 4480 IRENUM - ok
16:04:02.0431 4480 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
16:04:02.0446 4480 isapnp - ok
16:04:02.0478 4480 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
16:04:02.0509 4480 iScsiPrt - ok
16:04:02.0618 4480 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
16:04:02.0665 4480 k57nd60a - ok
16:04:02.0774 4480 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
16:04:02.0790 4480 kbdclass - ok
16:04:02.0868 4480 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
16:04:02.0914 4480 kbdhid - ok
16:04:03.0008 4480 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:04:03.0024 4480 KeyIso - ok
16:04:03.0055 4480 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
16:04:03.0070 4480 KSecDD - ok
16:04:03.0102 4480 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
16:04:03.0117 4480 KSecPkg - ok
16:04:03.0211 4480 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:04:03.0304 4480 ksthunk - ok
16:04:03.0336 4480 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
16:04:03.0429 4480 KtmRm - ok
16:04:03.0523 4480 L1C (32980b4e711d2ef7128c44dc2cf85706) C:\windows\system32\DRIVERS\L1C62x64.sys
16:04:03.0538 4480 L1C - ok
16:04:03.0648 4480 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
16:04:03.0741 4480 LanmanServer - ok
16:04:03.0850 4480 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
16:04:03.0928 4480 LanmanWorkstation - ok
16:04:03.0991 4480 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
16:04:04.0006 4480 LHDmgr - ok
16:04:04.0084 4480 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
16:04:04.0162 4480 lltdio - ok
16:04:04.0256 4480 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
16:04:04.0350 4480 lltdsvc - ok
16:04:04.0396 4480 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
16:04:04.0474 4480 lmhosts - ok
16:04:04.0568 4480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
16:04:04.0584 4480 LSI_FC - ok
16:04:04.0646 4480 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
16:04:04.0662 4480 LSI_SAS - ok
16:04:04.0755 4480 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:04:04.0771 4480 LSI_SAS2 - ok
16:04:04.0802 4480 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:04:04.0833 4480 LSI_SCSI - ok
16:04:04.0927 4480 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
16:04:05.0005 4480 luafv - ok
16:04:05.0114 4480 lxdnCATSCustConnectService (4208b958e35f0e596aa241efb664636b) C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe
16:04:05.0176 4480 lxdnCATSCustConnectService - ok
16:04:05.0254 4480 lxdn_device - ok
16:04:05.0395 4480 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
16:04:05.0410 4480 MBAMProtector - ok
16:04:05.0488 4480 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:04:05.0520 4480 MBAMService - ok
16:04:05.0660 4480 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
16:04:05.0691 4480 Mcx2Svc - ok
16:04:05.0769 4480 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
16:04:05.0785 4480 megasas - ok
16:04:05.0816 4480 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
16:04:05.0847 4480 MegaSR - ok
16:04:05.0894 4480 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:04:05.0972 4480 MMCSS - ok
16:04:06.0050 4480 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:04:06.0128 4480 Modem - ok
16:04:06.0237 4480 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:04:06.0268 4480 monitor - ok
16:04:06.0378 4480 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
16:04:06.0393 4480 mouclass - ok
16:04:06.0518 4480 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
16:04:06.0549 4480 mouhid - ok
16:04:06.0658 4480 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
16:04:06.0690 4480 mountmgr - ok
16:04:06.0736 4480 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
16:04:06.0752 4480 mpio - ok
16:04:06.0861 4480 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:04:06.0939 4480 mpsdrv - ok
16:04:07.0064 4480 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
16:04:07.0158 4480 MpsSvc - ok
16:04:07.0282 4480 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
16:04:07.0329 4480 MRxDAV - ok
16:04:07.0470 4480 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
16:04:07.0501 4480 mrxsmb - ok
16:04:07.0594 4480 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:04:07.0626 4480 mrxsmb10 - ok
16:04:07.0688 4480 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:04:07.0704 4480 mrxsmb20 - ok
16:04:07.0828 4480 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
16:04:07.0844 4480 msahci - ok
16:04:07.0891 4480 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
16:04:07.0922 4480 msdsm - ok
16:04:08.0094 4480 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
16:04:08.0234 4480 MSDTC - ok
16:04:08.0406 4480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:04:08.0468 4480 Msfs - ok
16:04:08.0577 4480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:04:08.0640 4480 mshidkmdf - ok
16:04:08.0671 4480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
16:04:08.0702 4480 msisadrv - ok
16:04:08.0796 4480 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
16:04:08.0874 4480 MSiSCSI - ok
16:04:08.0889 4480 msiserver - ok
16:04:08.0983 4480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
16:04:09.0076 4480 MSKSSRV - ok
16:04:09.0186 4480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
16:04:09.0264 4480 MSPCLOCK - ok
16:04:09.0357 4480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
16:04:09.0435 4480 MSPQM - ok
16:04:09.0498 4480 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
16:04:09.0529 4480 MsRPC - ok
16:04:09.0607 4480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
16:04:09.0638 4480 mssmbios - ok
16:04:09.0669 4480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
16:04:09.0763 4480 MSTEE - ok
16:04:09.0841 4480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
16:04:09.0856 4480 MTConfig - ok
16:04:09.0903 4480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
16:04:09.0919 4480 Mup - ok
16:04:10.0012 4480 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
16:04:10.0106 4480 napagent - ok
16:04:10.0231 4480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
16:04:10.0278 4480 NativeWifiP - ok
16:04:10.0434 4480 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
16:04:10.0480 4480 NDIS - ok
16:04:10.0574 4480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
16:04:10.0652 4480 NdisCap - ok
16:04:10.0761 4480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
16:04:10.0824 4480 NdisTapi - ok
16:04:10.0902 4480 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
16:04:10.0980 4480 Ndisuio - ok
16:04:11.0073 4480 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
16:04:11.0167 4480 NdisWan - ok
16:04:11.0276 4480 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
16:04:11.0354 4480 NDProxy - ok
16:04:11.0463 4480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
16:04:11.0557 4480 NetBIOS - ok
16:04:11.0604 4480 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
16:04:11.0682 4480 NetBT - ok
16:04:11.0775 4480 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:04:11.0791 4480 Netlogon - ok
16:04:11.0838 4480 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
16:04:11.0916 4480 Netman - ok
16:04:12.0025 4480 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:12.0040 4480 NetMsmqActivator - ok
16:04:12.0056 4480 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:12.0072 4480 NetPipeActivator - ok
16:04:12.0118 4480 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
16:04:12.0228 4480 netprofm - ok
16:04:12.0337 4480 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:12.0352 4480 NetTcpActivator - ok
16:04:12.0368 4480 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:04:12.0384 4480 NetTcpPortSharing - ok
16:04:12.0602 4480 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
16:04:12.0805 4480 netw5v64 - ok
16:04:12.0898 4480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
16:04:12.0914 4480 nfrd960 - ok
16:04:13.0008 4480 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
16:04:13.0101 4480 NlaSvc - ok
16:04:13.0164 4480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
16:04:13.0242 4480 Npfs - ok
16:04:13.0304 4480 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
16:04:13.0366 4480 nsi - ok
16:04:13.0429 4480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
16:04:13.0507 4480 nsiproxy - ok
16:04:13.0616 4480 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
16:04:13.0678 4480 Ntfs - ok
16:04:13.0772 4480 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
16:04:13.0850 4480 Null - ok
16:04:13.0944 4480 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
16:04:13.0975 4480 nvraid - ok
16:04:13.0990 4480 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
16:04:14.0022 4480 nvstor - ok
16:04:14.0146 4480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
16:04:14.0162 4480 nv_agp - ok
16:04:14.0287 4480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
16:04:14.0318 4480 ohci1394 - ok
16:04:14.0380 4480 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:04:14.0396 4480 ose - ok
16:04:14.0458 4480 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:04:14.0505 4480 p2pimsvc - ok
16:04:14.0536 4480 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
16:04:14.0583 4480 p2psvc - ok
16:04:14.0661 4480 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
16:04:14.0692 4480 Parport - ok
16:04:14.0755 4480 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
16:04:14.0770 4480 partmgr - ok
16:04:14.0833 4480 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
16:04:14.0880 4480 PcaSvc - ok
16:04:14.0958 4480 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
16:04:14.0973 4480 pci - ok
16:04:15.0067 4480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
16:04:15.0082 4480 pciide - ok
16:04:15.0129 4480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
16:04:15.0160 4480 pcmcia - ok
16:04:15.0207 4480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
16:04:15.0238 4480 pcw - ok
16:04:15.0285 4480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
16:04:15.0379 4480 PEAUTH - ok
16:04:15.0472 4480 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
16:04:15.0519 4480 PerfHost - ok
16:04:15.0628 4480 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
16:04:15.0738 4480 pla - ok
16:04:15.0847 4480 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
16:04:15.0909 4480 PlugPlay - ok
16:04:15.0987 4480 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
16:04:16.0018 4480 PNRPAutoReg - ok
16:04:16.0050 4480 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:04:16.0081 4480 PNRPsvc - ok
16:04:16.0174 4480 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
16:04:16.0268 4480 PolicyAgent - ok
16:04:16.0346 4480 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
16:04:16.0424 4480 Power - ok
16:04:16.0502 4480 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
16:04:16.0580 4480 PptpMiniport - ok
16:04:16.0642 4480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
16:04:16.0689 4480 Processor - ok
16:04:16.0783 4480 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
16:04:16.0861 4480 ProfSvc - ok
16:04:16.0908 4480 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:04:16.0939 4480 ProtectedStorage - ok
16:04:17.0048 4480 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
16:04:17.0126 4480 Psched - ok
16:04:17.0188 4480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
16:04:17.0251 4480 ql2300 - ok
16:04:17.0329 4480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
16:04:17.0360 4480 ql40xx - ok
16:04:17.0407 4480 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
16:04:17.0454 4480 QWAVE - ok
16:04:17.0532 4480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:04:17.0578 4480 QWAVEdrv - ok
16:04:17.0672 4480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:04:17.0750 4480 RasAcd - ok
16:04:17.0859 4480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:04:17.0922 4480 RasAgileVpn - ok
16:04:17.0953 4480 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
16:04:18.0031 4480 RasAuto - ok
16:04:18.0140 4480 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
16:04:18.0234 4480 Rasl2tp - ok
16:04:18.0343 4480 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
16:04:18.0421 4480 RasMan - ok
16:04:18.0483 4480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:04:18.0561 4480 RasPppoe - ok
16:04:18.0670 4480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:04:18.0748 4480 RasSstp - ok
16:04:18.0858 4480 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
16:04:18.0936 4480 rdbss - ok
16:04:18.0967 4480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
16:04:19.0014 4480 rdpbus - ok
16:04:19.0138 4480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:04:19.0201 4480 RDPCDD - ok
16:04:19.0248 4480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:04:19.0326 4480 RDPENCDD - ok
16:04:19.0419 4480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:04:19.0497 4480 RDPREFMP - ok
16:04:19.0544 4480 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
16:04:19.0591 4480 RDPWD - ok
16:04:19.0716 4480 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
16:04:19.0731 4480 rdyboost - ok
16:04:19.0840 4480 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
16:04:19.0918 4480 RemoteAccess - ok
16:04:19.0965 4480 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
16:04:20.0043 4480 RemoteRegistry - ok
16:04:20.0137 4480 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
16:04:20.0199 4480 RFCOMM - ok
16:04:20.0308 4480 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
16:04:20.0386 4480 RpcEptMapper - ok
16:04:20.0418 4480 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
16:04:20.0449 4480 RpcLocator - ok
16:04:20.0558 4480 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:04:20.0636 4480 RpcSs - ok
16:04:20.0714 4480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:04:20.0808 4480 rspndr - ok
16:04:20.0932 4480 RSUSBVSTOR (89dfb71b370d82dfe75183f677043cee) C:\windows\system32\Drivers\RtsUVStor.sys
16:04:20.0964 4480 RSUSBVSTOR - ok
16:04:21.0010 4480 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:04:21.0042 4480 SamSs - ok
16:04:21.0135 4480 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
16:04:21.0151 4480 sbp2port - ok
16:04:21.0198 4480 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
16:04:21.0276 4480 SCardSvr - ok
16:04:21.0369 4480 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
16:04:21.0432 4480 scfilter - ok
16:04:21.0510 4480 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
16:04:21.0619 4480 Schedule - ok
16:04:21.0712 4480 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:04:21.0775 4480 SCPolicySvc - ok
16:04:21.0806 4480 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
16:04:21.0868 4480 SDRSVC - ok
16:04:21.0962 4480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:04:22.0040 4480 secdrv - ok
16:04:22.0134 4480 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
16:04:22.0212 4480 seclogon - ok
16:04:22.0243 4480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
16:04:22.0336 4480 SENS - ok
16:04:22.0414 4480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
16:04:22.0461 4480 SensrSvc - ok
16:04:22.0508 4480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
16:04:22.0539 4480 Serenum - ok
16:04:22.0664 4480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
16:04:22.0711 4480 Serial - ok
16:04:22.0820 4480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
16:04:22.0851 4480 sermouse - ok
16:04:22.0914 4480 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
16:04:22.0992 4480 SessionEnv - ok
16:04:23.0101 4480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
16:04:23.0148 4480 sffdisk - ok
16:04:23.0272 4480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
16:04:23.0288 4480 sffp_mmc - ok
16:04:23.0319 4480 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
16:04:23.0350 4480 sffp_sd - ok
16:04:23.0444 4480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
16:04:23.0475 4480 sfloppy - ok
16:04:23.0522 4480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
16:04:23.0616 4480 SharedAccess - ok
16:04:23.0709 4480 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
16:04:23.0787 4480 ShellHWDetection - ok
16:04:23.0881 4480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:04:23.0912 4480 SiSRaid2 - ok
16:04:23.0943 4480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
16:04:23.0959 4480 SiSRaid4 - ok
16:04:24.0052 4480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:04:24.0130 4480 Smb - ok
16:04:24.0224 4480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
16:04:24.0271 4480 SNMPTRAP - ok
16:04:24.0318 4480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:04:24.0333 4480 spldr - ok
16:04:24.0442 4480 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
16:04:24.0520 4480 Spooler - ok
16:04:24.0692 4480 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
16:04:24.0864 4480 sppsvc - ok
16:04:24.0957 4480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
16:04:25.0051 4480 sppuinotify - ok
16:04:25.0113 4480 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
16:04:25.0160 4480 srv - ok
16:04:25.0254 4480 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
16:04:25.0300 4480 srv2 - ok
16:04:25.0378 4480 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
16:04:25.0441 4480 srvnet - ok
16:04:25.0534 4480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
16:04:25.0612 4480 SSDPSRV - ok
16:04:25.0644 4480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
16:04:25.0722 4480 SstpSvc - ok
16:04:25.0784 4480 Steam Client Service - ok
16:04:25.0846 4480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
16:04:25.0878 4480 stexstor - ok
16:04:25.0940 4480 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
16:04:26.0002 4480 stisvc - ok
16:04:26.0143 4480 StumbleUponUpdater (3fb1d84d673b4a9af3856c8843c7a464) C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
16:04:26.0158 4480 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - warning
16:04:26.0158 4480 StumbleUponUpdater - detected UnsignedFile.Multi.Generic (1)
16:04:26.0252 4480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
16:04:26.0268 4480 swenum - ok
16:04:26.0314 4480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
16:04:26.0408 4480 swprv - ok
16:04:26.0517 4480 SynTP (b3ad15fa10ebeafc1275f34050e4e230) C:\windows\system32\DRIVERS\SynTP.sys
16:04:26.0580 4480 SynTP - ok
16:04:26.0720 4480 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
16:04:26.0814 4480 SysMain - ok
16:04:26.0892 4480 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
16:04:26.0938 4480 TabletInputService - ok
16:04:26.0970 4480 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
16:04:27.0063 4480 TapiSrv - ok
16:04:27.0094 4480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
16:04:27.0157 4480 TBS - ok
16:04:27.0266 4480 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
16:04:27.0344 4480 Tcpip - ok
16:04:27.0500 4480 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
16:04:27.0562 4480 TCPIP6 - ok
16:04:27.0672 4480 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
16:04:27.0750 4480 tcpipreg - ok
16:04:27.0812 4480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
16:04:27.0843 4480 TDPIPE - ok
16:04:27.0921 4480 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
16:04:27.0952 4480 TDTCP - ok
16:04:28.0015 4480 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
16:04:28.0093 4480 tdx - ok
16:04:28.0155 4480 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
16:04:28.0186 4480 TermDD - ok
16:04:28.0280 4480 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
16:04:28.0358 4480 TermService - ok
16:04:28.0436 4480 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
16:04:28.0483 4480 Themes - ok
16:04:28.0530 4480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:04:28.0592 4480 THREADORDER - ok
16:04:28.0654 4480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
16:04:28.0748 4480 TrkWks - ok
16:04:28.0810 4480 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
16:04:28.0873 4480 TrustedInstaller - ok
16:04:28.0966 4480 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
16:04:29.0044 4480 tssecsrv - ok
16:04:29.0091 4480 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
16:04:29.0138 4480 TsUsbFlt - ok
16:04:29.0247 4480 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
16:04:29.0310 4480 tunnel - ok
16:04:29.0356 4480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
16:04:29.0372 4480 uagp35 - ok
16:04:29.0481 4480 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
16:04:29.0559 4480 udfs - ok
16:04:29.0622 4480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
16:04:29.0653 4480 UI0Detect - ok
16:04:29.0762 4480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
16:04:29.0793 4480 uliagpkx - ok
16:04:29.0887 4480 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
16:04:29.0918 4480 umbus - ok
16:04:29.0949 4480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
16:04:29.0996 4480 UmPass - ok
16:04:30.0105 4480 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
16:04:30.0121 4480 UnlockerDriver5 - ok
16:04:30.0214 4480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
16:04:30.0292 4480 upnphost - ok
16:04:30.0402 4480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
16:04:30.0448 4480 usbccgp - ok
16:04:30.0573 4480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
16:04:30.0620 4480 usbcir - ok
16:04:30.0651 4480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
16:04:30.0698 4480 usbehci - ok
16:04:30.0792 4480 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\windows\system32\DRIVERS\usbfilter.sys
16:04:30.0807 4480 usbfilter - ok
16:04:30.0870 4480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
16:04:30.0916 4480 usbhub - ok
16:04:30.0994 4480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
16:04:31.0041 4480 usbohci - ok
16:04:31.0119 4480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
16:04:31.0166 4480 usbprint - ok
16:04:31.0260 4480 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
16:04:31.0291 4480 usbscan - ok
16:04:31.0322 4480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:04:31.0369 4480 USBSTOR - ok
16:04:31.0462 4480 usbUDisc (6d14d8ec1dd33a072653e75e3b28b062) C:\windows\system32\DRIVERS\USBDrv_AMD64.sys
16:04:31.0478 4480 usbUDisc - ok
16:04:31.0525 4480 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
16:04:31.0556 4480 usbuhci - ok
16:04:31.0681 4480 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
16:04:31.0743 4480 usbvideo - ok
16:04:31.0821 4480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
16:04:31.0915 4480 UxSms - ok
16:04:31.0977 4480 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:04:32.0008 4480 VaultSvc - ok
16:04:32.0102 4480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
16:04:32.0133 4480 vdrvroot - ok
16:04:32.0211 4480 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
16:04:32.0289 4480 vds - ok
16:04:32.0367 4480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
16:04:32.0398 4480 vga - ok
16:04:32.0430 4480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
16:04:32.0508 4480 VgaSave - ok
16:04:32.0617 4480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
16:04:32.0632 4480 vhdmp - ok
16:04:32.0679 4480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
16:04:32.0695 4480 viaide - ok
16:04:32.0788 4480 vm2uvcflt (5cb80afa98111fc6ed6e8702a0d7ac5b) C:\windows\system32\Drivers\vm2uvcflt.sys
16:04:32.0804 4480 vm2uvcflt - ok
16:04:32.0851 4480 vm332avs (fe75ed0244aedff9b278a2a09ac06ca9) C:\windows\system32\Drivers\vm332avs.sys
16:04:32.0866 4480 vm332avs - ok
16:04:32.0929 4480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
16:04:32.0944 4480 volmgr - ok
16:04:33.0054 4480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
16:04:33.0085 4480 volmgrx - ok
16:04:33.0132 4480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
16:04:33.0163 4480 volsnap - ok
16:04:33.0241 4480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
16:04:33.0256 4480 vsmraid - ok
16:04:33.0366 4480 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
16:04:33.0475 4480 VSS - ok
16:04:33.0553 4480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
16:04:33.0600 4480 vwifibus - ok
16:04:33.0631 4480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
16:04:33.0678 4480 vwififlt - ok
16:04:33.0771 4480 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
16:04:33.0802 4480 vwifimp - ok
16:04:33.0849 4480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
16:04:33.0927 4480 W32Time - ok
16:04:34.0021 4480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
16:04:34.0052 4480 WacomPen - ok
16:04:34.0177 4480 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:04:34.0239 4480 WANARP - ok
16:04:34.0255 4480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:04:34.0333 4480 Wanarpv6 - ok
16:04:34.0411 4480 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
16:04:34.0473 4480 wbengine - ok
16:04:34.0567 4480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
16:04:34.0598 4480 WbioSrvc - ok
16:04:34.0676 4480 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
16:04:34.0738 4480 wcncsvc - ok
16:04:34.0816 4480 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
16:04:34.0848 4480 WcsPlugInService - ok
16:04:34.0879 4480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
16:04:34.0910 4480 Wd - ok
16:04:34.0988 4480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
16:04:35.0019 4480 Wdf01000 - ok
16:04:35.0097 4480 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
16:04:35.0191 4480 WdiServiceHost - ok
16:04:35.0206 4480 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
16:04:35.0253 4480 WdiSystemHost - ok
16:04:35.0347 4480 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
16:04:35.0394 4480 WebClient - ok
16:04:35.0440 4480 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
16:04:35.0518 4480 Wecsvc - ok
16:04:35.0596 4480 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
16:04:35.0674 4480 wercplsupport - ok
16:04:35.0768 4480 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
16:04:35.0830 4480 WerSvc - ok
16:04:35.0893 4480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
16:04:35.0955 4480 WfpLwf - ok
16:04:36.0018 4480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
16:04:36.0033 4480 WIMMount - ok
16:04:36.0064 4480 WinDefend - ok
16:04:36.0096 4480 WinHttpAutoProxySvc - ok
16:04:36.0174 4480 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
16:04:36.0252 4480 Winmgmt - ok
16:04:36.0376 4480 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
16:04:36.0486 4480 WinRM - ok
16:04:36.0610 4480 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
16:04:36.0642 4480 WinUsb - ok
16:04:36.0704 4480 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
16:04:36.0751 4480 Wlansvc - ok
16:04:36.0813 4480 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:04:36.0829 4480 wlcrasvc - ok
16:04:36.0891 4480 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:04:36.0969 4480 wlidsvc - ok
16:04:37.0078 4480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
16:04:37.0110 4480 WmiAcpi - ok
16:04:37.0203 4480 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
16:04:37.0250 4480 wmiApSrv - ok
16:04:37.0281 4480 WMPNetworkSvc - ok
16:04:37.0359 4480 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
16:04:37.0390 4480 WPCSvc - ok
16:04:37.0453 4480 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
16:04:37.0484 4480 WPDBusEnum - ok
16:04:37.0546 4480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
16:04:37.0624 4480 ws2ifsl - ok
16:04:37.0671 4480 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
16:04:37.0718 4480 wscsvc - ok
16:04:37.0749 4480 WSearch - ok
16:04:37.0858 4480 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
16:04:37.0890 4480 wsvd - ok
16:04:37.0983 4480 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
16:04:38.0108 4480 wuauserv - ok
16:04:38.0217 4480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
16:04:38.0295 4480 WudfPf - ok
16:04:38.0420 4480 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
16:04:38.0498 4480 WUDFRd - ok
16:04:38.0576 4480 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
16:04:38.0654 4480 wudfsvc - ok
16:04:38.0685 4480 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
16:04:38.0732 4480 WwanSvc - ok
16:04:38.0841 4480 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\windows\system32\DRIVERS\xusb21.sys
16:04:38.0888 4480 xusb21 - ok
16:04:38.0919 4480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:04:39.0028 4480 \Device\Harddisk0\DR0 - ok
16:04:39.0044 4480 Boot (0x1200) (ee1a14302dfbcb09c099bca907471a44) \Device\Harddisk0\DR0\Partition0
16:04:39.0044 4480 \Device\Harddisk0\DR0\Partition0 - ok
16:04:39.0075 4480 Boot (0x1200) (1d2361db500e76e26a26fc8d37ab7c12) \Device\Harddisk0\DR0\Partition1
16:04:39.0075 4480 \Device\Harddisk0\DR0\Partition1 - ok
16:04:39.0106 4480 Boot (0x1200) (f8fbbf31f610bd4b6ab29dfed0fc497e) \Device\Harddisk0\DR0\Partition2
16:04:39.0106 4480 \Device\Harddisk0\DR0\Partition2 - ok
16:04:39.0106 4480 ============================================================
16:04:39.0106 4480 Scan finished
16:04:39.0106 4480 ============================================================
16:04:39.0122 3544 Detected object count: 2
16:04:39.0122 3544 Actual detected object count: 2
16:04:55.0533 3544 acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:55.0533 3544 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:04:55.0533 3544 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:55.0533 3544 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:07:11.0067 2084 Deinitialize success
|
|
22.03.2012, 16:26
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windowssystem gesperrt, Malwarebytes ausgeführt Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
22.03.2012, 17:13
| #19 |
| | Windowssystem gesperrt, Malwarebytes ausgeführt EDIT: Ach, verdammt.. -.- Hatte den Windows Defender vergessen/übersehen... Noch mal mit Combofix deshalb oder geht das trotzdem? Ging ohne Fehlermeldungen und schnell über die Bühne: Code:
ATTFilter ComboFix 12-03-22.01 - Administrator 22.03.2012 16:54:02.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3691.2338 [GMT 1:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-22 bis 2012-03-22 ))))))))))))))))))))))))))))))
.
.
2012-03-22 16:03 . 2012-03-22 16:03 -------- d-----w- c:\users\Sara\AppData\Local\temp
2012-03-22 16:03 . 2012-03-22 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 15:02 . 2012-03-22 15:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFFB39D9-A341-4186-B8AF-045F35EC84D0}\offreg.dll
2012-03-21 19:47 . 2012-03-21 19:47 -------- d-----w- C:\_OTL
2012-03-20 17:17 . 2012-03-20 17:17 -------- d-----w- c:\program files (x86)\ESET
2012-03-20 17:14 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFFB39D9-A341-4186-B8AF-045F35EC84D0}\mpengine.dll
2012-03-20 02:43 . 2012-03-20 02:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-03-20 02:42 . 2012-03-20 02:42 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 02:42 . 2012-03-20 02:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-20 02:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 01:03 . 2012-03-20 02:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2012-03-17 07:09 . 2012-03-17 07:09 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 07:09 . 2012-03-17 07:09 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 18:51 . 2012-03-14 18:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\RenPy
2012-03-14 16:55 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 16:55 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 16:55 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 05:50 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 05:50 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 05:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 05:17 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 05:17 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:17 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 05:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 05:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 05:17 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 05:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-09 01:52 . 2012-03-10 03:59 -------- d-----w- c:\program files (x86)\Slingo Quest Hawaii
2012-03-09 01:39 . 2012-03-09 01:40 -------- d-----w- c:\program files (x86)\Slingo Quest Egypt Beta
2012-03-09 01:38 . 2012-03-09 01:38 -------- d-----w- c:\program files (x86)\Slingo Supreme
2012-03-09 01:38 . 2012-03-09 01:38 -------- d-----w- c:\windows\Slingo Supreme
2012-03-09 01:29 . 2012-03-09 01:29 -------- d-----w- c:\program files (x86)\Slingo Quest Amazon [UPDATE]
2012-03-06 23:44 . 2012-03-06 23:44 -------- d-----w- c:\program files (x86)\Funkitron
2012-03-05 22:20 . 2012-02-28 16:15 611224 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-05 21:37 . 2012-03-16 18:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\funkitron
2012-03-03 23:06 . 2012-03-03 23:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\Iggels
2012-03-03 23:00 . 2012-03-03 23:03 -------- d-----w- c:\users\Administrator\.junique
2012-03-03 23:00 . 2012-03-03 23:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\VMLoad
2012-03-03 22:54 . 2012-03-03 22:54 -------- d--h--w- c:\programdata\Common Files
2012-03-03 22:07 . 2012-03-05 21:32 -------- d-----w- c:\programdata\Big Fish Games
2012-03-03 22:07 . 2012-03-03 22:07 -------- d-----w- c:\program files (x86)\Pflanzen gegen Zombies
2012-03-02 17:37 . 2012-03-02 17:37 -------- d-----w- c:\windows\solcache
2012-03-02 17:36 . 2012-03-02 17:36 -------- d-----w- c:\program files (x86)\Sierra On-Line
2012-03-02 17:36 . 2012-03-02 17:36 -------- d-----w- C:\SIERRA
2012-03-02 17:35 . 1997-05-12 16:53 314368 ----a-w- c:\windows\IsUninst.exe
2012-03-02 17:34 . 2012-03-02 18:17 -------- d-----w- c:\program files (x86)\Spawn
2012-03-02 17:33 . 2012-03-02 17:34 2829 ----a-w- c:\windows\DiabUnin.pif
2012-03-02 17:33 . 2012-03-02 17:34 118784 ----a-w- c:\windows\DiabUnin.exe
2012-03-02 17:33 . 2012-03-03 21:03 -------- d-----w- c:\program files (x86)\Diablo
2012-03-01 19:48 . 2012-03-01 19:48 -------- d-----w- c:\programdata\SpecialBit Games
2012-03-01 19:47 . 2012-03-05 21:34 -------- d-----w- c:\program files (x86)\Big Fish
2012-03-01 19:47 . 2012-03-05 21:32 -------- d-----w- c:\program files (x86)\bfgclient
2012-03-01 19:46 . 2012-03-05 21:36 -------- d-----w- C:\BigFishGamesCache
2012-02-29 22:01 . 2012-02-29 22:03 -------- d-----w- c:\users\Administrator\.gimp-2.6
2012-02-28 16:21 . 2012-02-28 16:24 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2012-02-28 16:15 . 2012-02-28 16:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-26 19:02 . 2012-02-26 19:02 -------- d-----w- c:\program files (x86)\KV Software
2012-02-26 18:56 . 2012-02-26 18:56 -------- d-----w- c:\users\Administrator\AppData\Local\InterBA
2012-02-26 18:55 . 2012-02-26 18:56 -------- d-----w- c:\programdata\InterBA
2012-02-26 18:55 . 2009-02-09 01:10 68232 ----a-w- c:\windows\UnDeployV.exe
2012-02-24 00:46 . 2012-02-28 01:31 -------- d-----w- c:\program files (x86)\Vieh Chroniken
2012-02-21 19:24 . 2012-02-24 00:58 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-21 19:24 . 2012-02-24 00:58 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-21 19:24 . 2012-02-24 00:58 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-21 19:24 . 2012-02-24 00:58 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-21 19:24 . 2012-02-21 19:24 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-21 19:23 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-02-21 19:23 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-02-21 19:23 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-02-21 19:23 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-02-21 19:23 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-02-21 19:23 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-02-21 18:54 . 2012-02-24 00:45 -------- d-----w- c:\program files (x86)\Unwritten Tales
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 16:14 . 2011-04-01 22:01 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2011-03-20 18:24 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 22:05 . 2011-05-13 12:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 03:45 . 2012-02-18 03:45 125440 ----a-w- c:\windows\system32\drivers\acedrv07.sys
2012-02-18 03:45 . 2012-02-18 03:45 81920 ----a-w- c:\windows\SysWow64\acedrv07.dll
2012-02-15 18:15 . 2011-10-15 22:39 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-04 10:44 . 2012-02-15 08:33 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 08:33 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-15 08:32 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 08:32 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 08:32 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-24 23:36 . 2011-12-24 23:36 17280 ----a-w- c:\windows\system32\drivers\USBDrv_AMD64.sys
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59 269824 ----a-w- c:\users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-25 336384]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-02-27 329056]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [2009-04-28 29184]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [2011-11-22 18432]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-25 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 59171905
*Deregistered* - 59171905
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 16:21]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 16:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-02-27 11:40 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-02-27 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-02-27 9744800]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-02-27 5399456]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2009-10-29 660136]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2009-10-29 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: Alles mit NetXfer herunterladen - c:\program files (x86)\Xi\NetXfer\NXAddList.html
IE: Free YouTube Download - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Herunterladen mit NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9grnwodb.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Sanitarium - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:75,54,15,24,9b,8b,cc,01
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,3f,1e,3d,bb,c5,bf,45,be,07,37,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,3f,1e,3d,bb,c5,bf,45,be,07,37,\
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.INF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="inffile"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-22 17:08:04
ComboFix-quarantined-files.txt 2012-03-22 16:08
.
Vor Suchlauf: 14 Verzeichnis(se), 37.116.379.136 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 36.745.515.008 Bytes frei
.
- - End Of File - - C78C93785E3411FB82EF7B8CF4B4A705
Geändert von Madame (22.03.2012 um 17:53 Uhr) |
|
23.03.2012, 20:44
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windowssystem gesperrt, Malwarebytes ausgeführt Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.03.2012, 21:15
| #21 |
| | Windowssystem gesperrt, Malwarebytes ausgeführt Hmm, scheint nichts gefunden zu haben!? Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 20:56:11
-----------------------------
20:56:11.308 OS Version: Windows x64 6.1.7601 Service Pack 1
20:56:11.308 Number of processors: 2 586 0x100
20:56:11.308 ComputerName: SARA-PC UserName:
20:56:12.649 Initialze error C000010E - driver not loaded
20:56:19.950 AVAST engine defs: 12032301
20:56:20.434 Service scanning
20:57:01.431 Modules scanning
20:57:01.431 Disk 0 trace - called modules:
20:57:01.431
20:57:02.741 AVAST engine scan C:\windows
20:57:06.828 AVAST engine scan C:\windows\system32
21:01:49.844 AVAST engine scan C:\windows\system32\drivers
21:02:08.533 AVAST engine scan C:\Users\Administrator
21:11:53.238 AVAST engine scan C:\ProgramData
21:13:18.679 Scan finished successfully
21:13:31.611 The log file has been saved successfully to "C:\Users\Administrator\Desktop\Scan1.txt"
|
|
23.03.2012, 22:00
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windowssystem gesperrt, Malwarebytes ausgeführt Du hast das irgendwie falsch ausgeführt. Wiederhol das bitte, halte dich an die Anleitung
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.03.2012, 22:07
| #23 |
| | Windowssystem gesperrt, Malwarebytes ausgeführt Also beim ersten Mal war unten "Quickscan" ausgewählt, dazu stand aber auch nichts in der Anleitung. :/ Habe es jetzt beim zweiten Mal auf "[none]" gestellt. Ging nun noch schneller, sieht aber anders aus. Hoffe, Du kannst damit was anfangen!? Habe sonst alles gemacht wie in der Anleitung. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 22:02:34
-----------------------------
22:02:34.807 OS Version: Windows x64 6.1.7601 Service Pack 1
22:02:34.807 Number of processors: 2 586 0x100
22:02:34.807 ComputerName: SARA-PC UserName:
22:02:35.915 Initialize success
22:02:43.294 AVAST engine defs: 12032301
22:02:53.590 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
22:02:53.590 Disk 0 Vendor: HITACHI_ PB3Z Size: 305245MB BusType: 11
22:02:53.605 Disk 0 MBR read successfully
22:02:53.621 Disk 0 MBR scan
22:02:53.621 Disk 0 Windows 7 default MBR code
22:02:53.636 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
22:02:53.652 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
22:02:53.668 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
22:02:53.714 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
22:02:53.761 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
22:02:53.808 Disk 0 scanning C:\windows\system32\drivers
22:03:10.235 Service scanning
22:03:51.201 Modules scanning
22:03:51.216 Disk 0 trace - called modules:
22:03:51.263 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
22:03:51.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004090060]
22:03:51.279 3 CLASSPNP.SYS[fffff8800166543f] -> nt!IofCallDriver -> [0xfffffa8003c11af0]
22:03:51.294 5 amd_xata.sys[fffff880011027a8] -> nt!IofCallDriver -> [0xfffffa8003c0fa20]
22:03:51.294 7 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8003c0d060]
22:03:51.310 Scan finished successfully
22:04:11.933 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
22:04:11.949 The log file has been saved successfully to "C:\Users\Administrator\Desktop\Scan2.txt"
|
|
24.03.2012, 18:08
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windowssystem gesperrt, Malwarebytes ausgeführt Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2012, 15:52
| #25 |
| | Windowssystem gesperrt, Malwarebytes ausgeführt So, hier die Logs. Hab mich bei dem SUPERAntispyware-Log etwas erschrocken, aber scheinen ja alles Cookies zu sein!? Wie verfahre ich damit? Oder sind die egal? Wenn jetzt alles so weit okay zu sein scheint.. Eine Frage hätte ich da noch. Mit ESET hatte ich ja 6 Funde, vor allem ja in den Java-Ordnern. Sind die jetzt durch die Combofix-Aktion auch weg? Ich frage weil die ja vorher mit Malwarebytes auch nicht angezeigt worden waren. Grüße und nochmals VIELEN DANK für die Hilfe! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.25.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Administrator :: SARA-PC [Administrator] Schutz: Aktiviert 25.03.2012 05:56:27 mbam-log-2012-03-25 (05-56-27).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 384996 Laufzeit: 2 Stunde(n), 8 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/25/2012 at 01:13 PM
Application Version : 5.0.1146
Core Rules Database Version : 8377
Trace Rules Database Version: 6189
Scan type : Complete Scan
Total Scan Time : 02:38:12
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 769
Memory threats detected : 0
Registry items scanned : 65720
Registry threats detected : 0
File items scanned : 193613
File threats detected : 227
Adware.Tracking Cookie
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\SHIXBGKX.txt [ /apmebf.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\IWF8L71Q.txt [ /forum.usenext.de ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\KJDKRBXG.txt [ /doubleclick.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YFPHTPU1.txt [ /fastclick.net ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\MQH65QB8.txt [ /mediaplex.com ]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\F435VQAJ.txt [ /smartadserver.com ]
C:\USERS\ADMINISTRATOR\Cookies\SHIXBGKX.txt [ Cookie:administrator@apmebf.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\KJDKRBXG.txt [ Cookie:administrator@doubleclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\YFPHTPU1.txt [ Cookie:administrator@fastclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\MQH65QB8.txt [ Cookie:administrator@mediaplex.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\F435VQAJ.txt [ Cookie:administrator@smartadserver.com/ ]
.paypal.112.2o7.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad3.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unister-adservices.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unister-adservices.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ads.ersamedia.ch [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
1xxx.cqcounter.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
stats.computecmedia.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.conrad.122.2o7.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\SARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9APB6FBC.DEFAULT\COOKIES.SQLITE ]
PUP.SoftonicDownloader
C:\USERS\ADMINISTRATOR\DOWNLOADS\SOFTONICDOWNLOADER_FUER_VMLOAD.EXE
|
|
25.03.2012, 16:03
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windowssystem gesperrt, Malwarebytes ausgeführt Sieht ok aus, da wurden nur Cookies gefunden. Naja und 1x Softonic-Müll!  Finger weg in Zukunft von SoftonicCookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2012, 16:06
| #27 |
| | Windowssystem gesperrt, Malwarebytes ausgeführt Nein, sonst keine Probleme mehr. Die damals mit ESET gefundenen Sachen sind mit Combofix erledigt worden? Die wurden ja mit Malwarebytes vorher auch nicht gefunden. Meine die, die in den Java-Ordnern saßen. 6 waren das gleich und ESET hat die das erste Mal aufgebracht. Kein anderer Scan vorher. Also muss ich mir da noch Sorgen machhen? Sonst läuft alles prima, besser als vorher, meine ich. |
|
25.03.2012, 17:39
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windowssystem gesperrt, Malwarebytes ausgeführt Den Javaordner kannst du doch einfach manuell leeren, wo ist da das Problem Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Adobe - Andere Version des Adobe Flash Player installieren Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2012, 18:15
| #29 |
| | Windowssystem gesperrt, Malwarebytes ausgeführt Alles klar, wird gemacht. Vielen Dank für Deine Hilfe, Ihr alle macht einen großartigen Job! Ohne Euch wären so einige Leute aufgeschmissen. |
|
| Themen zu Windowssystem gesperrt, Malwarebytes ausgeführt |
| 0x00000001, alternate, antivir, avira, bho, c:\windows\system32\cmd.exe, cid, desktop, downloader, error, firefox, flash player, format, helper, home, install.exe, installation, jdownloader, lenovo, locker, logfile, microsoft office 2003, mp3, plug-in, programm, realtek, registry, rundll, scan, searchscopes, security, software, super, usb, usb 2.0, windows |
Linear-Darstellung
