Log analysis and evaluation: TR/Crypt.ZPACK.Gen8 – black screen, system error messages
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.05.2012, 23:15 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please repeat the fix in safe mode.
__________________ Please always post log files in CODE tags |
26.05.2012, 08:22 | #17 |
Hello Arne,
I repeated OTL in safe mode; here is the log file: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks not found.
Registry value HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction not found.
Registry value HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings not found.
Folder C:\Program Files\Babylon\ not found.
Folder C:\Users\xxxxx\AppData\Roaming\ICQ Toolbar\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: xxxxxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xxxxxxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xxxxx
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xxxxx_User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1192 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: All Users

User: xxxxxx
->Flash cache emptied: 0 bytes

User: xxxxxxx
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: xxxxx
->Flash cache emptied: 0 bytes

User: xxxxx_User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.0 log created on 05262012_085128

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Frank
26.05.2012, 15:28 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ |
26.05.2012, 18:04 | #19 |
Hello Arne, I ran TDSS-Killer in normal mode. It reported 11 threats, all of which I answered with 'skip'. Here is the corresponding result log: Code:
6100 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 18:57:04.0026 6100 NDIS - ok 18:57:04.0052 6100 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 18:57:04.0075 6100 NdisTapi - ok 18:57:04.0099 6100 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 18:57:04.0153 6100 Ndisuio - ok 18:57:04.0198 6100 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 18:57:04.0232 6100 NdisWan - ok 18:57:04.0253 6100 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 18:57:04.0277 6100 NDProxy - ok 18:57:04.0289 6100 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 18:57:04.0349 6100 NetBIOS - ok 18:57:04.0422 6100 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 18:57:04.0495 6100 netbt - ok 18:57:04.0536 6100 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:57:04.0551 6100 Netlogon - ok 18:57:04.0595 6100 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 18:57:04.0644 6100 Netman - ok 18:57:04.0688 6100 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 18:57:04.0731 6100 netprofm - ok 18:57:04.0823 6100 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:57:04.0836 6100 NetTcpPortSharing - ok 18:57:04.0860 6100 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 18:57:04.0880 6100 nfrd960 - ok 18:57:04.0908 6100 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 18:57:04.0964 6100 NlaSvc - ok 18:57:05.0017 6100 NMIndexingService - ok 18:57:05.0065 6100 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 18:57:05.0107 6100 Npfs - ok 18:57:05.0183 6100 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) 
C:\Windows\system32\nsisvc.dll 18:57:05.0216 6100 nsi - ok 18:57:05.0238 6100 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 18:57:05.0282 6100 nsiproxy - ok 18:57:05.0403 6100 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 18:57:05.0501 6100 Ntfs - ok 18:57:05.0536 6100 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 18:57:05.0604 6100 ntrigdigi - ok 18:57:05.0641 6100 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 18:57:05.0671 6100 Null - ok 18:57:05.0770 6100 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys 18:57:05.0838 6100 NVENETFD - ok 18:57:06.0574 6100 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:57:07.0025 6100 nvlddmkm - ok 18:57:07.0144 6100 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 18:57:07.0154 6100 nvraid - ok 18:57:07.0193 6100 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys 18:57:07.0216 6100 nvstor - ok 18:57:07.0260 6100 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys 18:57:07.0277 6100 nvstor32 - ok 18:57:07.0357 6100 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe 18:57:07.0410 6100 nvsvc - ok 18:57:07.0650 6100 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 18:57:07.0765 6100 nvUpdatusService - ok 18:57:07.0889 6100 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 18:57:07.0900 6100 nv_agp - ok 18:57:07.0905 6100 NwlnkFlt - ok 18:57:07.0913 6100 NwlnkFwd - ok 18:57:08.0023 6100 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:57:08.0056 6100 odserv - ok 18:57:08.0100 6100 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) 
C:\Windows\system32\DRIVERS\ohci1394.sys 18:57:08.0137 6100 ohci1394 - ok 18:57:08.0181 6100 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:57:08.0192 6100 ose - ok 18:57:08.0268 6100 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:57:08.0326 6100 p2pimsvc - ok 18:57:08.0336 6100 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:57:08.0366 6100 p2psvc - ok 18:57:08.0440 6100 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 18:57:08.0486 6100 Parport - ok 18:57:08.0533 6100 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 18:57:08.0546 6100 partmgr - ok 18:57:08.0555 6100 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 18:57:08.0585 6100 Parvdm - ok 18:57:08.0615 6100 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 18:57:08.0669 6100 PcaSvc - ok 18:57:08.0709 6100 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 18:57:08.0723 6100 pci - ok 18:57:08.0757 6100 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 18:57:08.0769 6100 pciide - ok 18:57:08.0806 6100 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 18:57:08.0827 6100 pcmcia - ok 18:57:08.0891 6100 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 18:57:09.0034 6100 PEAUTH - ok 18:57:09.0150 6100 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 18:57:09.0269 6100 pla - ok 18:57:09.0407 6100 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 18:57:09.0453 6100 PlugPlay - ok 18:57:09.0534 6100 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:57:09.0590 6100 PNRPAutoReg - ok 18:57:09.0600 6100 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:57:09.0623 
6100 PNRPsvc - ok 18:57:09.0672 6100 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 18:57:09.0699 6100 PolicyAgent - ok 18:57:09.0738 6100 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 18:57:09.0782 6100 PptpMiniport - ok 18:57:09.0815 6100 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 18:57:09.0861 6100 Processor - ok 18:57:09.0911 6100 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 18:57:09.0950 6100 ProfSvc - ok 18:57:09.0978 6100 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:57:09.0993 6100 ProtectedStorage - ok 18:57:10.0054 6100 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\Windows\system32\PSIService.exe 18:57:10.0088 6100 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning 18:57:10.0088 6100 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1) 18:57:10.0119 6100 PxHelp20 (86724469cd077901706854974cd13c3e) C:\Windows\system32\Drivers\PxHelp20.sys 18:57:10.0123 6100 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 18:57:10.0123 6100 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 18:57:10.0209 6100 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 18:57:10.0247 6100 ql2300 - ok 18:57:10.0269 6100 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 18:57:10.0282 6100 ql40xx - ok 18:57:10.0318 6100 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 18:57:10.0367 6100 QWAVE - ok 18:57:10.0404 6100 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 18:57:10.0432 6100 QWAVEdrv - ok 18:57:10.0522 6100 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll 18:57:10.0536 6100 RapiMgr - ok 18:57:10.0572 6100 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 18:57:10.0644 6100 RasAcd - ok 
18:57:10.0686 6100 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 18:57:10.0737 6100 RasAuto - ok 18:57:10.0779 6100 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:57:10.0824 6100 Rasl2tp - ok 18:57:10.0867 6100 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 18:57:10.0916 6100 RasMan - ok 18:57:10.0955 6100 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 18:57:11.0014 6100 RasPppoe - ok 18:57:11.0048 6100 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 18:57:11.0073 6100 RasSstp - ok 18:57:11.0123 6100 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 18:57:11.0169 6100 rdbss - ok 18:57:11.0200 6100 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:57:11.0248 6100 RDPCDD - ok 18:57:11.0302 6100 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 18:57:11.0361 6100 rdpdr - ok 18:57:11.0392 6100 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 18:57:11.0422 6100 RDPENCDD - ok 18:57:11.0469 6100 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 18:57:11.0518 6100 RDPWD - ok 18:57:11.0562 6100 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 18:57:11.0604 6100 RemoteAccess - ok 18:57:11.0646 6100 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 18:57:11.0680 6100 RemoteRegistry - ok 18:57:11.0768 6100 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 18:57:11.0780 6100 RichVideo - ok 18:57:11.0804 6100 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 18:57:11.0824 6100 RpcLocator - ok 18:57:11.0892 6100 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 18:57:11.0919 6100 RpcSs - ok 18:57:11.0962 
6100 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 18:57:11.0986 6100 rspndr - ok 18:57:11.0998 6100 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:57:12.0011 6100 SamSs - ok 18:57:12.0035 6100 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys 18:57:12.0048 6100 sbp2port - ok 18:57:12.0099 6100 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 18:57:12.0140 6100 SCardSvr - ok 18:57:12.0206 6100 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 18:57:12.0263 6100 Schedule - ok 18:57:12.0305 6100 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 18:57:12.0325 6100 SCPolicySvc - ok 18:57:12.0352 6100 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 18:57:12.0411 6100 SDRSVC - ok 18:57:12.0462 6100 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 18:57:12.0508 6100 seclogon - ok 18:57:12.0537 6100 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 18:57:12.0568 6100 SENS - ok 18:57:12.0610 6100 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 18:57:12.0659 6100 Serenum - ok 18:57:12.0712 6100 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 18:57:12.0744 6100 Serial - ok 18:57:12.0783 6100 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 18:57:12.0814 6100 sermouse - ok 18:57:12.0854 6100 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 18:57:12.0908 6100 SessionEnv - ok 18:57:12.0976 6100 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys 18:57:13.0002 6100 sfdrv01a - ok 18:57:13.0038 6100 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 18:57:13.0107 6100 sffdisk - ok 18:57:13.0132 6100 sffp_mmc 
(8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 18:57:13.0186 6100 sffp_mmc - ok 18:57:13.0200 6100 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 18:57:13.0251 6100 sffp_sd - ok 18:57:13.0295 6100 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys 18:57:13.0312 6100 sfhlp02 - ok 18:57:13.0326 6100 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 18:57:13.0379 6100 sfloppy - ok 18:57:13.0427 6100 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys 18:57:13.0444 6100 sfsync04 - ok 18:57:13.0481 6100 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 18:57:13.0507 6100 SharedAccess - ok 18:57:13.0577 6100 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 18:57:13.0633 6100 ShellHWDetection - ok 18:57:13.0647 6100 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 18:57:13.0656 6100 sisagp - ok 18:57:13.0668 6100 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 18:57:13.0677 6100 SiSRaid2 - ok 18:57:13.0690 6100 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 18:57:13.0702 6100 SiSRaid4 - ok 18:57:13.0758 6100 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 18:57:13.0769 6100 SkypeUpdate - ok 18:57:14.0000 6100 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 18:57:14.0163 6100 slsvc - ok 18:57:14.0295 6100 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 18:57:14.0335 6100 SLUINotify - ok 18:57:14.0415 6100 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 18:57:14.0476 6100 Smb - ok 18:57:14.0635 6100 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys 18:57:14.0724 6100 smserial - ok 
18:57:14.0766 6100 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 18:57:14.0800 6100 SNMPTRAP - ok 18:57:14.0833 6100 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 18:57:14.0845 6100 spldr - ok 18:57:14.0868 6100 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 18:57:14.0928 6100 Spooler - ok 18:57:14.0989 6100 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 18:57:15.0024 6100 srv - ok 18:57:15.0059 6100 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 18:57:15.0099 6100 srv2 - ok 18:57:15.0164 6100 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 18:57:15.0198 6100 srvnet - ok 18:57:15.0273 6100 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 18:57:15.0308 6100 SSDPSRV - ok 18:57:15.0393 6100 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\Windows\system32\drivers\SSHDRV86.sys 18:57:15.0399 6100 SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning 18:57:15.0399 6100 SSHDRV86 - detected UnsignedFile.Multi.Generic (1) 18:57:15.0475 6100 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 18:57:15.0493 6100 ssmdrv - ok 18:57:15.0543 6100 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 18:57:15.0580 6100 SstpSvc - ok 18:57:15.0646 6100 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 18:57:15.0673 6100 stisvc - ok 18:57:15.0712 6100 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 18:57:15.0723 6100 swenum - ok 18:57:15.0786 6100 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 18:57:15.0829 6100 swprv - ok 18:57:15.0860 6100 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 18:57:15.0871 6100 Symc8xx - ok 18:57:15.0888 6100 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 
18:57:15.0900 6100 Sym_hi - ok 18:57:15.0912 6100 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 18:57:15.0923 6100 Sym_u3 - ok 18:57:15.0994 6100 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 18:57:16.0043 6100 SysMain - ok 18:57:16.0088 6100 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 18:57:16.0122 6100 TabletInputService - ok 18:57:16.0166 6100 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 18:57:16.0195 6100 TapiSrv - ok 18:57:16.0222 6100 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 18:57:16.0268 6100 TBS - ok 18:57:16.0349 6100 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 18:57:16.0416 6100 Tcpip - ok 18:57:16.0432 6100 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 18:57:16.0497 6100 Tcpip6 - ok 18:57:16.0540 6100 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 18:57:16.0564 6100 tcpipreg - ok 18:57:16.0624 6100 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 18:57:16.0675 6100 TDPIPE - ok 18:57:16.0794 6100 TDslMgrService (16c73f84c202c5380fb63f755bfa8bee) C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe 18:57:16.0833 6100 TDslMgrService ( UnsignedFile.Multi.Generic ) - warning 18:57:16.0833 6100 TDslMgrService - detected UnsignedFile.Multi.Generic (1) 18:57:16.0857 6100 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 18:57:16.0889 6100 TDTCP - ok 18:57:16.0931 6100 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 18:57:16.0969 6100 tdx - ok 18:57:17.0005 6100 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 18:57:17.0018 6100 TermDD - ok 18:57:17.0094 6100 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 18:57:17.0151 6100 TermService - ok 
18:57:17.0195 6100 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 18:57:17.0215 6100 Themes - ok 18:57:17.0236 6100 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 18:57:17.0269 6100 THREADORDER - ok 18:57:17.0347 6100 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 18:57:17.0358 6100 TomTomHOMEService - ok 18:57:17.0418 6100 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 18:57:17.0491 6100 TrkWks - ok 18:57:17.0552 6100 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 18:57:17.0577 6100 TrustedInstaller - ok 18:57:17.0604 6100 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:57:17.0657 6100 tssecsrv - ok 18:57:17.0694 6100 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 18:57:17.0709 6100 tunmp - ok 18:57:17.0746 6100 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 18:57:17.0760 6100 tunnel - ok 18:57:17.0820 6100 TVECapSvc (7b9e06ab84d4bdcc1435de05bd1a9e0c) C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe 18:57:17.0845 6100 TVECapSvc ( UnsignedFile.Multi.Generic ) - warning 18:57:17.0845 6100 TVECapSvc - detected UnsignedFile.Multi.Generic (1) 18:57:17.0886 6100 TVESched (4938406f5f74adda8e75ffbd65aa5628) C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe 18:57:17.0914 6100 TVESched ( UnsignedFile.Multi.Generic ) - warning 18:57:17.0914 6100 TVESched - detected UnsignedFile.Multi.Generic (1) 18:57:17.0948 6100 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 18:57:17.0968 6100 uagp35 - ok 18:57:18.0029 6100 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 18:57:18.0080 6100 udfs - ok 18:57:18.0161 6100 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 18:57:18.0194 6100 
UI0Detect - ok 18:57:18.0221 6100 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 18:57:18.0233 6100 uliagpkx - ok 18:57:18.0256 6100 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 18:57:18.0272 6100 uliahci - ok 18:57:18.0287 6100 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 18:57:18.0300 6100 UlSata - ok 18:57:18.0316 6100 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 18:57:18.0338 6100 ulsata2 - ok 18:57:18.0395 6100 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 18:57:18.0425 6100 umbus - ok 18:57:18.0549 6100 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 18:57:18.0584 6100 UMVPFSrv - ok 18:57:18.0637 6100 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 18:57:18.0695 6100 upnphost - ok 18:57:18.0739 6100 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 18:57:18.0760 6100 USBAAPL - ok 18:57:18.0777 6100 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 18:57:18.0815 6100 usbaudio - ok 18:57:18.0865 6100 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 18:57:18.0902 6100 usbccgp - ok 18:57:18.0940 6100 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 18:57:19.0009 6100 usbcir - ok 18:57:19.0034 6100 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 18:57:19.0071 6100 usbehci - ok 18:57:19.0112 6100 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 18:57:19.0162 6100 usbhub - ok 18:57:19.0209 6100 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys 18:57:19.0215 6100 USBIO ( UnsignedFile.Multi.Generic ) - warning 18:57:19.0215 6100 USBIO - detected UnsignedFile.Multi.Generic (1) 
18:57:19.0228 6100 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 18:57:19.0250 6100 usbohci - ok 18:57:19.0294 6100 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 18:57:19.0344 6100 usbprint - ok 18:57:19.0399 6100 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 18:57:19.0423 6100 usbscan - ok 18:57:19.0452 6100 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:57:19.0488 6100 USBSTOR - ok 18:57:19.0510 6100 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 18:57:19.0578 6100 usbuhci - ok 18:57:19.0612 6100 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 18:57:19.0646 6100 usbvideo - ok 18:57:19.0687 6100 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 18:57:19.0722 6100 UxSms - ok 18:57:19.0783 6100 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 18:57:19.0842 6100 vds - ok 18:57:19.0866 6100 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 18:57:19.0938 6100 vga - ok 18:57:19.0970 6100 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 18:57:20.0001 6100 VgaSave - ok 18:57:20.0017 6100 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 18:57:20.0029 6100 viaagp - ok 18:57:20.0042 6100 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 18:57:20.0115 6100 ViaC7 - ok 18:57:20.0129 6100 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 18:57:20.0140 6100 viaide - ok 18:57:20.0164 6100 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 18:57:20.0176 6100 volmgr - ok 18:57:20.0226 6100 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 18:57:20.0244 6100 volmgrx - ok 18:57:20.0277 6100 volsnap 
(147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 18:57:20.0297 6100 volsnap - ok 18:57:20.0314 6100 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 18:57:20.0327 6100 vsmraid - ok 18:57:20.0466 6100 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 18:57:20.0635 6100 VSS - ok 18:57:20.0699 6100 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 18:57:20.0765 6100 W32Time - ok 18:57:20.0817 6100 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 18:57:20.0917 6100 WacomPen - ok 18:57:20.0949 6100 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 18:57:20.0973 6100 Wanarp - ok 18:57:20.0978 6100 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 18:57:21.0004 6100 Wanarpv6 - ok 18:57:21.0058 6100 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys 18:57:21.0080 6100 wanatw - ok 18:57:21.0160 6100 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll 18:57:21.0180 6100 WcesComm - ok 18:57:21.0239 6100 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 18:57:21.0266 6100 wcncsvc - ok 18:57:21.0289 6100 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 18:57:21.0332 6100 WcsPlugInService - ok 18:57:21.0362 6100 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 18:57:21.0372 6100 Wd - ok 18:57:21.0428 6100 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 18:57:21.0461 6100 Wdf01000 - ok 18:57:21.0495 6100 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 18:57:21.0529 6100 WdiServiceHost - ok 18:57:21.0534 6100 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 18:57:21.0569 6100 WdiSystemHost - ok 18:57:21.0617 6100 WebClient 
(04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 18:57:21.0654 6100 WebClient - ok 18:57:21.0701 6100 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 18:57:21.0748 6100 Wecsvc - ok 18:57:21.0768 6100 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 18:57:21.0820 6100 wercplsupport - ok 18:57:21.0864 6100 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 18:57:21.0895 6100 WerSvc - ok 18:57:21.0949 6100 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 18:57:21.0965 6100 WinDefend - ok 18:57:21.0976 6100 WinHttpAutoProxySvc - ok 18:57:22.0052 6100 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 18:57:22.0095 6100 Winmgmt - ok 18:57:22.0187 6100 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 18:57:22.0279 6100 WinRM - ok 18:57:22.0333 6100 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 18:57:22.0371 6100 winusb - ok 18:57:22.0429 6100 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 18:57:22.0493 6100 Wlansvc - ok 18:57:22.0573 6100 wlidsvc - ok 18:57:22.0629 6100 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 18:57:22.0704 6100 WmiAcpi - ok 18:57:22.0779 6100 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 18:57:22.0803 6100 wmiApSrv - ok 18:57:22.0881 6100 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 18:57:22.0929 6100 WMPNetworkSvc - ok 18:57:22.0955 6100 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 18:57:22.0983 6100 WPCSvc - ok 18:57:23.0024 6100 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 18:57:23.0074 6100 WPDBusEnum - ok 18:57:23.0176 6100 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 
18:57:23.0191 6100 WpdUsb - ok
18:57:23.0327 6100 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:57:23.0374 6100 WPFFontCache_v0400 - ok
18:57:23.0412 6100 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:57:23.0485 6100 ws2ifsl - ok
18:57:23.0534 6100 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:57:23.0568 6100 wscsvc - ok
18:57:23.0577 6100 WSearch - ok
18:57:23.0724 6100 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:57:23.0800 6100 wuauserv - ok
18:57:23.0949 6100 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:57:23.0987 6100 WUDFRd - ok
18:57:24.0024 6100 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:57:24.0051 6100 wudfsvc - ok
18:57:24.0104 6100 MBR (0x1B8) (2f04f445c78d9eb185bcf8fdef1e6df0) \Device\Harddisk0\DR0
18:57:24.0353 6100 \Device\Harddisk0\DR0 - ok
18:57:24.0359 6100 MBR (0x1B8) (822fa28e6cb0fcf050abc5e4a5bfe808) \Device\Harddisk6\DR6
18:57:31.0136 6100 \Device\Harddisk6\DR6 - ok
18:57:31.0154 6100 Boot (0x1200) (b8ec86d88809ab661af7eb569b06a06b) \Device\Harddisk0\DR0\Partition0
18:57:31.0180 6100 \Device\Harddisk0\DR0\Partition0 - ok
18:57:31.0180 6100 ============================================================
18:57:31.0180 6100 Scan finished
18:57:31.0180 6100 ============================================================
18:57:31.0196 6092 Detected object count: 11
18:57:31.0196 6092 Actual detected object count: 11
18:58:16.0770 6092 BMUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0771 6092 BMUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0777 6092 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0778 6092 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0781 6092 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0781 6092 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0786 6092 CheckStage2_svc ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0786 6092 CheckStage2_svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0794 6092 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0794 6092 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0797 6092 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0797 6092 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0802 6092 SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0802 6092 SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0807 6092 TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0807 6092 TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0813 6092 TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0813 6092 TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0818 6092 TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0818 6092 TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:16.0824 6092 USBIO ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:16.0824 6092 USBIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

Frank
28.05.2012, 14:33 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen8 – black screen, system error messages Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a forum expert (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
28.05.2012, 17:32 | #21 |
| TR/Crypt.ZPACK.Gen8 – black screen, system error messages Hello Arne, ComboFix ran through without problems. The corresponding log file follows here: Code:
ATTFilter ComboFix 12-05-28.02 - xxxxx 28.05.2012 17:54:09.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1978 [GMT 2:00] ausgeführt von:: c:\users\xxxxx\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\AutocompletePro c:\program files\AutocompletePro\AutocompletePro.dll c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx c:\program files\AutocompletePro\FireFoxExtension.exe c:\program files\AutocompletePro\InstTracker.exe c:\program files\AutocompletePro\support@predictad.com\chrome.manifest c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js c:\program files\AutocompletePro\support@predictad.com\install.rdf c:\program files\AutocompletePro\unins000.dat c:\program files\AutocompletePro\unins000.exe c:\program files\UNWISE.EXE c:\users\xxxxxx\AppData\Local\assembly\tmp c:\users\xxxxx\AppData\Local\assembly\tmp c:\users\xxxxx\pcwInfoCenter.z.exe c:\users\Public\001.jpg c:\windows\IsUn0407.exe c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-28 )))))))))))))))))))))))))))))) . . 2012-05-28 16:01 . 2012-05-28 16:01 -------- d-----w- c:\users\xxxxx\AppData\Local\temp 2012-05-28 16:01 . 
2012-05-28 16:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-05-28 16:01 . 2012-05-28 16:01 -------- d-----w- c:\users\xxxxx_User\AppData\Local\temp 2012-05-28 16:01 . 2012-05-28 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-25 16:31 . 2012-05-25 16:31 -------- d-----w- C:\_OTL 2012-05-23 16:08 . 2012-05-23 16:08 -------- d-----w- c:\users\xxxxx\AppData\Roaming\NVIDIA 2012-05-19 14:01 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7174383-FF5A-4CAD-9ED0-18B046F9E35D}\mpengine.dll 2012-05-17 08:35 . 2012-05-17 08:35 -------- d-----w- c:\program files\7-Zip 2012-05-14 17:31 . 2012-05-14 18:00 -------- d-----w- c:\users\xxxxx_User\Kodak_Bilder 2012-05-14 17:29 . 2012-05-14 17:29 -------- d-----w- c:\users\xxxxx\Batch 2012-05-13 19:55 . 2012-05-13 19:55 -------- d-----w- c:\program files\ESET 2012-05-13 16:31 . 2012-05-13 16:31 -------- d-----w- c:\users\xxxxx\AppData\Roaming\Malwarebytes 2012-05-13 16:31 . 2012-05-13 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-13 16:31 . 2012-05-13 16:31 -------- d-----w- c:\programdata\Malwarebytes 2012-05-13 16:31 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-08 17:08 . 2011-10-24 17:10 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-08 17:08 . 2009-06-28 08:39 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2007-05-24 22:51 . 2007-07-24 19:21 3025703 ----a-r- c:\program files\inst.tmp 2007-05-24 22:51 . 2007-07-24 19:20 3025703 ----a-r- c:\program files\radiosauger_installer_.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "ledpointer"="CNYHKey.exe" [2006-11-09 5585408] "MoLed"="ModLEDKey.exe" [2006-11-09 53248] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - [N/A] . c:\users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2007-9-25 1085440] . c:\users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2007-9-25 1085440] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2012-3-24 1380464] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2007-9-25 1085440] T-Online DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\TODslMgr.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray] 2007-10-24 15:05 425984 ----a-w- c:\program files\Tobit ClipInc\Player\ClipIncTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-11-12 23:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-08-02 09:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2007-05-08 16:22 155648 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-10-27 2814080] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 
2012-05-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-02 17:03] . 2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 19:14] . 2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 19:14] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://focus.de/ uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.mediamarkt-fotoservice.de/ips-opdata/objects/jordan.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe HKLM-Run-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe HKLM-Run-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe AddRemove-3D Designer Software Haus und Wohnung_is1 - c:\program files\3DDesignerSoftware\unins000.exe AddRemove-AOL Deinstallation - c:\program files\Common Files\AOL\uninstaller.exe AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe AddRemove-InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14} - c:\progra~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe AddRemove-InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1 - c:\program files\Auslogics\Auslogics Registry Cleaner\unins000.exe AddRemove-{AC86ECA1-FA14-11D1-B4F6-00609781F44C} - c:\program files\Brockhaus Multimedia\Brockhaus multimedial\BMMUninst.exe AddRemove-{D40EB009-0499-459c-A8AF-C9C110766215} - c:\program files\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-28 18:01 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\SecuROM\License information*] "datasecu"=hex:2a,c9,b2,a2,d4,a2,d5,5f,e7,df,40,57,4d,a4,f2,16,7c,40,66,b7,6a, 55,af,c4,47,e3,fb,28,a1,04,98,c9,a9,a0,4a,e2,c5,f2,86,8b,5b,0b,7f,0e,c1,ce,\ "rkeysecu"=hex:0e,5f,1f,b6,9c,59,85,ca,cc,c7,81,3f,75,f1,d0,2a . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000042 . Zeit der Fertigstellung: 2012-05-28 18:04:56 ComboFix-quarantined-files.txt 2012-05-28 16:04 . Vor Suchlauf: 17 Verzeichnis(se), 251.082.485.760 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 251.547.250.688 Bytes frei . - - End Of File - - 88B2AD74000FC1AC3238E5BA50469DE4 Frank |
29.05.2012, 08:22 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen8 – black screen, system error messages Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
29.05.2012, 10:49 | #23 |
| TR/Crypt.ZPACK.Gen8 – black screen, system error messages Hello Arne, here again is my feedback on your tasks: GMER ran only briefly and produced only a short result file: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit quick scan 2012-05-29 11:21:34 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005c WDC_WD50 rev.12.0 Running: yrnmndcg.exe; Driver: C:\Users\xxxx\AppData\Local\Temp\uxdirfoc.sys ---- Devices - GMER 1.0.15 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 883FDDD0 Device \Driver\atapi \Device\Ide\IdePort0 883FDDD0 Device \Driver\atapi \Device\Ide\IdePort1 883FDDD0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 883FDDD0 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:35:47 on 29.05.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl "ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? 
- C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\xxxxx\AppData\Local\Temp\catchme.sys (File not found) "cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys "cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x32.sys "dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\dsltestSp5.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Logitech POP Suppression Filter" (lvpopflt) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvpopflt.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SSHDRV86" (SSHDRV86) - ? 
- C:\Windows\system32\drivers\SSHDRV86.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01a.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys "USBIO Driver (usbio.sys)" (USBIO) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\usbio.sys "uxdirfoc" (uxdirfoc) - ? - C:\Users\xxxxx\AppData\Local\Temp\uxdirfoc.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? 
- C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - ? - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll (File not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://www.mediamarkt-fotoservice.de/ips-opdata/objects/jordan.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {A8F2B9BD-A6A0-486A-9744-18920D898429} "ScorchPlugin Class" - "Sibelius Software, a division of Avid Technology, Inc. and its licensors." - C:\Program Files\Sibelius Software\Scorch\ActiveXPlugin\ScorchAxPlugin.dll / hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab {233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\Windows\system32\Macromed\Flash\Flash10v.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IE7Pro\IE7Pro.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {0FB6A909-6086-458F-BD92-1F8EE10042A0} "AC-Pro" - ? - C:\Program Files\AutocompletePro\AutocompletePro.dll (File not found) {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll {00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IE7Pro\IE7Pro.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - ? - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (File not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "WISO Mein Steuer-Sparbuch heute.lnk" - "Buhl Tax Service, Hannover" - C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IndexSearch" - "ScanSoft, Inc." - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "JMB36X IDE Setup" - ? - C:\Windows\JM\JMInsIDE.exe (File found, but it contains no detailed information) "LanguageShortcut" - ? 
- "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"ledpointer" - "Chicony" - CNYHKey.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MoLed" - "Chicony" - ModLEDKey.exe
"PaperPort PTD" - "ScanSoft, Inc." - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - ? - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"BrSplService" (Brother XP spl Service) - "brother Industries Ltd" - C:\Windows\system32\brsvc01a.exe
"CheckStage2_svc" (CheckStage2_svc) - ? - C:\Windows\CheckStage2.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - ? - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - ? - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Memeo" (BMUService) - "Memeo" - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - ? - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 11:39:46
-----------------------------
11:39:46.265 OS Version: Windows 6.0.6002 Service Pack 2
11:39:46.265 Number of processors: 2 586 0x6B01
11:39:46.267 ComputerName: yyyyyyy-PC UserName: xxxxx
11:39:48.796 Initialize success
11:39:55.694 AVAST engine download error: 0
11:40:09.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
11:40:09.089 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
11:40:09.113 Disk 0 MBR read successfully
11:40:09.119 Disk 0 MBR scan
11:40:09.125 Disk 0 unknown MBR code
11:40:09.132 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462927 MB offset 63
11:40:09.161 Disk 0 Partition 2 00 27 Hidden NTFS WinRE MSDOS5.0 14009 MB offset 948075975
11:40:09.172 Disk 0 scanning sectors +976768065
11:40:09.220 Disk 0 scanning C:\Windows\system32\drivers
11:40:16.689 Service scanning
11:40:31.448 Modules scanning
11:40:38.902 Disk 0 trace - called modules:
11:40:38.920 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87f1d740]<<
11:40:38.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f1e988]
11:40:38.931 3 CLASSPNP.SYS[84bdd8b3] -> nt!IofCallDriver -> [0x86b92b68]
11:40:38.936 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\0000005c[0x86b92c90]
11:40:38.941 \Driver\nvstor32[0x87533dc0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87f1d740
11:40:38.947 Scan finished successfully
11:41:00.853 Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Desktop\WURM\2012_05_29\MBR.dat"
11:41:00.873 The log file has been saved successfully to "C:\Users\xxxxx\Desktop\WURM\2012_05_29\aswMBR.txt"

Frank |
29.05.2012, 11:11 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen8 – black screen, system error messages
We should fix the MBR. Back up ALL important data just in case, even though things usually go smoothly.
Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
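Added example (not part of the thread and not AVAST's or the helper's code): a pre-flight check for the two conditions named in post #24, run against a saved copy of the MBR such as the MBR.dat that aswMBR writes. It assumes that file is a raw 512-byte copy of sector 0; the partition-type list, the boot-code marker strings and both sample sectors (the first built from the partition offsets in the aswMBR log) are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440   # bytes 0..439: boot code; 440..445: disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA
# Assumption: type IDs treated here as "another OS is installed".
FOREIGN_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
# Assumption: ASCII markers of third-party boot code (heuristic only).
LOADER_MARKERS = {b"GRUB": "GRUB", b"TrueCrypt Boot Loader": "TrueCrypt"}


def parse_mbr(sector):
    """Decode a raw MBR sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": i + 1, "status": status, "type": ptype,
            "lba_start": lba_start, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    digest = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def describe(p):
    """Render the numeric fields in the order of aswMBR's Partition lines."""
    flag = "(A)" if p["status"] == 0x80 else "   "
    return "Partition %d %02X %s %02X %d MB offset %d" % (
        p["index"], p["status"], flag, p["type"], p["size_mb"], p["lba_start"])


def preflight(sector):
    """List reasons not to rewrite this MBR with Windows tools (empty: none)."""
    info = parse_mbr(sector)
    findings = []
    for p in info["partitions"]:
        if p["type"] in FOREIGN_TYPES:
            findings.append("partition %d has type 0x%02X (%s)" % (
                p["index"], p["type"], FOREIGN_TYPES[p["type"]]))
    for marker, name in LOADER_MARKERS.items():
        if marker in sector[:BOOT_CODE_END]:
            findings.append("boot code contains a %s marker" % name)
    return findings


def boot_code_changed(before, after):
    """Compare the boot-code hashes of two dumps (before and after a fix)."""
    return (parse_mbr(before)["boot_code_sha256"]
            != parse_mbr(after)["boot_code_sha256"])


def build_sector(boot_code, entries):
    """Build a constructed sample sector from (status, type, start, count)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample: offsets taken from the aswMBR log, sector counts chosen
# so that the sizes match the 462927 MB and 14009 MB the log reports.
WINDOWS_ONLY = build_sector(b"\xfa\x33\xc0 constructed boot code", [
    (0x80, 0x07, 63, 948075912),
    (0x00, 0x27, 948075975, 28692090),
])
# Constructed sample: a dual-boot disk with a Linux partition and GRUB marker.
DUAL_BOOT = build_sector(b"\xeb\x63\x90 GRUB constructed", [
    (0x80, 0x07, 63, 409600),
    (0x00, 0x83, 409663, 204800),
])

if __name__ == "__main__":
    for name, sample in (("WINDOWS_ONLY", WINDOWS_ONLY), ("DUAL_BOOT", DUAL_BOOT)):
        print(name)
        for part in parse_mbr(sample)["partitions"]:
            print("  " + describe(part))
        print("  findings:", preflight(sample) or "none")
```

To check a real dump, read the file in binary mode and pass its first 512 bytes to `preflight`; calling `boot_code_changed` on the dumps taken before and after the fix shows whether the boot code was actually rewritten.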
29.05.2012, 12:20 | #25 |
| TR/Crypt.ZPACK.Gen8 – black screen, system error messages
Hello Arne,
the fix ran without any noticeable problems. Here is the short log after the fix:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 12:43:55
-----------------------------
12:43:55.495 OS Version: Windows 6.0.6002 Service Pack 2
12:43:55.495 Number of processors: 2 586 0x6B01
12:43:55.497 ComputerName: yyyyyyy-PC UserName: xxxxx
12:43:57.701 Initialize success
12:50:36.102 Verifying
12:50:46.106 Disk 0 Windows 600 MBR fixed successfully
12:53:27.380 Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Desktop\WURM\2012_05_29\MBR.dat"
12:53:27.381 The log file has been saved successfully to "C:\Users\xxxxx\Desktop\WURM\2012_05_29\aswMBR_nach_fix.txt"

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 13:00:47
-----------------------------
13:00:47.238 OS Version: Windows 6.0.6002 Service Pack 2
13:00:47.238 Number of processors: 2 586 0x6B01
13:00:47.240 ComputerName: yyyyyyy-PC UserName: xxxxx
13:01:05.015 Initialize success
13:04:15.000 AVAST engine defs: 12052800
13:04:37.630 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
13:04:37.635 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
13:04:37.648 Disk 0 MBR read successfully
13:04:37.654 Disk 0 MBR scan
13:04:37.665 Disk 0 Windows VISTA default MBR code
13:04:37.672 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462927 MB offset 63
13:04:37.704 Disk 0 Partition 2 00 27 Hidden NTFS WinRE MSDOS5.0 14009 MB offset 948075975
13:04:37.720 Disk 0 scanning sectors +976768065
13:04:37.776 Disk 0 scanning C:\Windows\system32\drivers
13:04:49.288 Service scanning
13:05:13.742 Modules scanning
13:05:19.242 Disk 0 trace - called modules:
13:05:19.263 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87f1f178]<<
13:05:19.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f1f9a8]
13:05:19.275 3 CLASSPNP.SYS[84bd18b3] -> nt!IofCallDriver -> [0x8753c150]
13:05:19.282 5 acpi.sys[806136bc] -> nt!IofCallDriver -> \Device\0000005c[0x8753c5c8]
13:05:19.288 \Driver\nvstor32[0x87531b30] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87f1f178
13:05:21.955 AVAST engine scan C:\Windows
13:05:28.589 AVAST engine scan C:\Windows\system32
13:09:47.950 AVAST engine scan C:\Windows\system32\drivers
13:10:34.375 AVAST engine scan C:\Users\xxxxx
13:14:30.177 Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Desktop\WURM\2012_05_29\MBR.dat"
13:14:30.191 The log file has been saved successfully to "C:\Users\xxxxx\Desktop\WURM\2012_05_29\aswMBR_nach_fix_und_neustart.txt"

Frank |
29.05.2012, 12:33 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen8 – black screen, system error messages
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
29.05.2012, 17:09 | #27 |
| TR/Crypt.ZPACK.Gen8 – black screen, system error messages
Hello Arne,
the two tools took a while to run; here are the results:
Log from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xxxxx :: yyyyyyy-PC [Administrator]

29.05.2012 13:51:35
mbam-log-2012-05-29 (13-51-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472302
Laufzeit: 1 Stunde(n), 17 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/29/2012 at 05:31 PM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 02:11:50

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 764
Memory threats detected : 0
Registry items scanned : 38399
Registry threats detected : 0
File items scanned : 175708
File threats detected : 420

Adware.Tracking Cookie
Cookie:xxxxxxx@revsci.net/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@as-eu.falkag[1].txt [ Cookie:xxxxxxx@as-eu.falkag.net/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@www.etracker[1].txt [ Cookie:xxxxxxx@www.etracker.de/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@statse.webtrendslive[2].txt [ Cookie:xxxxxxx@statse.webtrendslive.com/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@advertising[2].txt [ Cookie:xxxxxxx@advertising.com/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@specificclick[2].txt [ Cookie:xxxxxxx@specificclick.net/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@adtech[2].txt [ Cookie:xxxxxxx@adtech.de/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@serving-sys[1].txt [ Cookie:xxxxxxx@serving-sys.com/ ] C:\USERS\xxxxxxx\Cookies\xxxxxxx@indextools[2].txt [ Cookie:xxxxxxx@indextools.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\IRZ4GQ67.txt [ Cookie:xxxxx@kontera.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\65A7RL1X.txt [ Cookie:xxxxx@at.atwola.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\37G05I2P.txt [ Cookie:xxxxx@ad3.adfarm1.adition.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KV8R81FP.txt [ Cookie:xxxxx@tracking.quisma.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\M42JDUMP.txt [ Cookie:xxxxx@collective-media.net/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7RI8595E.txt [ Cookie:xxxxx@atdmt.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\X17SM3S5.txt [ Cookie:xxxxx@serving-sys.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7IMHY4OJ.txt [ Cookie:xxxxx@mediaplex.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\NAVYAABK.txt [ Cookie:xxxxx@track.adform.net/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\FF32MZRT.txt [ Cookie:xxxxx@findthatfile.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\LTUUMAQ8.txt [ Cookie:xxxxx@revsci.net/ ] 
C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZVI4ZZF.txt [ Cookie:xxxxx@ad.zanox.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\02X73XJC.txt [ Cookie:xxxxx@invitemedia.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\H1GHSXJ5.txt [ Cookie:xxxxx@adform.net/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UHKVRWBL.txt [ Cookie:xxxxx@www.findthatfile.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\2EJODB0U.txt [ Cookie:xxxxx@adx.chip.de/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0F28Q57M.txt [ Cookie:xxxxx@www.googleadservices.com/pagead/conversion/1069390747/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\E733ZT7Y.txt [ Cookie:xxxxx@doubleclick.net/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\94RWCCBO.txt [ Cookie:xxxxx@ad1.adfarm1.adition.com/ ] C:\USERS\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\E0MSR0N3.txt [ Cookie:xxxxx@ad2.adfarm1.adition.com/ ] C:\USERS\xxxxx\Cookies\ZKEX0KP4.txt [ Cookie:xxxxx@tracking.quisma.com/ ] C:\USERS\xxxxx\Cookies\T6KLONJ5.txt [ Cookie:xxxxx@mediaplex.com/ ] C:\USERS\xxxxx\Cookies\QALG7K6H.txt [ Cookie:xxxxx@revsci.net/ ] C:\USERS\xxxxx\Cookies\Y5ZP3T1C.txt [ Cookie:xxxxx@doubleclick.net/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@www.filthyadserver[1].txt [ Cookie:xxxxx_user@www.filthyadserver.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@tradedoubler[1].txt [ Cookie:xxxxx_user@tradedoubler.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@www.yourmomhassex[3].txt [ Cookie:xxxxx_user@www.yourmomhassex.com/st/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@www.yourmomhassex[1].txt [ Cookie:xxxxx_user@www.yourmomhassex.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@xxxcounter[1].txt [ Cookie:xxxxx_user@xxxcounter.com/ ] 
C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@counter14.sextracker[1].txt [ Cookie:xxxxx_user@counter14.sextracker.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@banner.newspepper[2].txt [ Cookie:xxxxx_user@banner.newspepper.info/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@sexlist[1].txt [ Cookie:xxxxx_user@sexlist.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@www.myfuckinwife[1].txt [ Cookie:xxxxx_user@www.myfuckinwife.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@adtech[2].txt [ Cookie:xxxxx_user@adtech.de/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@sextracker[1].txt [ Cookie:xxxxx_user@sextracker.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@imrworldwide[2].txt [ Cookie:xxxxx_user@imrworldwide.com/cgi-bin ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@www.etracker[2].txt [ Cookie:xxxxx_user@www.etracker.de/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@bluestreak[1].txt [ Cookie:xxxxx_user@bluestreak.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@pornaccess[2].txt [ Cookie:xxxxx_user@pornaccess.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@www.allpornsitespass[2].txt [ Cookie:xxxxx_user@www.allpornsitespass.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@adfarm1.adition[1].txt [ Cookie:xxxxx_user@adfarm1.adition.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@doubleclick[2].txt [ Cookie:xxxxx_user@doubleclick.net/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx_user@atdmt[2].txt [ Cookie:xxxxx_user@atdmt.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@tradedoubler[1].txt [ 
Cookie:xxxxx_user@tradedoubler.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@msnportal.112.2o7[1].txt [ Cookie:xxxxx_user@msnportal.112.2o7.net/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@advertising[2].txt [ Cookie:xxxxx_user@advertising.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@secure.pornaccess[1].txt [ Cookie:xxxxx_user@secure.pornaccess.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@overture[1].txt [ Cookie:xxxxx_user@overture.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@banner.newspepper[1].txt [ Cookie:xxxxx_user@banner.newspepper.info/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@adtech[1].txt [ Cookie:xxxxx_user@adtech.de/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@www.sinfulmaturesex[2].txt [ Cookie:xxxxx_user@www.sinfulmaturesex.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@imrworldwide[2].txt [ Cookie:xxxxx_user@imrworldwide.com/cgi-bin ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@traffic.mpnrs[1].txt [ Cookie:xxxxx_user@traffic.mpnrs.com/mbb/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@www.etracker[2].txt [ Cookie:xxxxx_user@www.etracker.de/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@pornaccess[1].txt [ Cookie:xxxxx_user@pornaccess.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@adfarm1.adition[1].txt [ Cookie:xxxxx_user@adfarm1.adition.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@adultfriendfinder[1].txt [ Cookie:xxxxx_user@adultfriendfinder.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@doubleclick[1].txt [ Cookie:xxxxx_user@doubleclick.net/ ] 
C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@ad.adnet[2].txt [ Cookie:xxxxx_user@ad.adnet.biz/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@atwola[1].txt [ Cookie:xxxxx_user@atwola.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@bs.serving-sys[3].txt [ Cookie:xxxxx_user@bs.serving-sys.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@atdmt[2].txt [ Cookie:xxxxx_user@atdmt.com/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@2o7[1].txt [ Cookie:xxxxx_user@2o7.net/ ] C:\USERS\xxxxx_USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxxx_user@www.newsclick[1].txt [ Cookie:xxxxx_user@www.newsclick.de/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@www.filthyadserver[1].txt [ Cookie:xxxxx_user@www.filthyadserver.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@tradedoubler[1].txt [ Cookie:xxxxx_user@tradedoubler.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@www.yourmomhassex[3].txt [ Cookie:xxxxx_user@www.yourmomhassex.com/st/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@www.yourmomhassex[1].txt [ Cookie:xxxxx_user@www.yourmomhassex.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@xxxcounter[1].txt [ Cookie:xxxxx_user@xxxcounter.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@counter14.sextracker[1].txt [ Cookie:xxxxx_user@counter14.sextracker.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@banner.newspepper[2].txt [ Cookie:xxxxx_user@banner.newspepper.info/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@sexlist[1].txt [ Cookie:xxxxx_user@sexlist.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@www.myfuckinwife[1].txt [ Cookie:xxxxx_user@www.myfuckinwife.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@adtech[2].txt [ Cookie:xxxxx_user@adtech.de/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@sextracker[1].txt [ Cookie:xxxxx_user@sextracker.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@imrworldwide[2].txt [ 
Cookie:xxxxx_user@imrworldwide.com/cgi-bin ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@www.etracker[2].txt [ Cookie:xxxxx_user@www.etracker.de/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@bluestreak[1].txt [ Cookie:xxxxx_user@bluestreak.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@pornaccess[2].txt [ Cookie:xxxxx_user@pornaccess.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@www.allpornsitespass[2].txt [ Cookie:xxxxx_user@www.allpornsitespass.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@adfarm1.adition[1].txt [ Cookie:xxxxx_user@adfarm1.adition.com/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@doubleclick[2].txt [ Cookie:xxxxx_user@doubleclick.net/ ] C:\USERS\xxxxx_USER\Cookies\xxxxx_user@atdmt[2].txt [ Cookie:xxxxx_user@atdmt.com/ ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxx@ADX.CHIP[1].TXT [ /ADX.CHIP ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@AD.1-TCL[1].TXT [ /AD.1-TCL ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@ADS.KONTAKT24[2].TXT [ /ADS.KONTAKT24 ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@AD.EXTR1[2].TXT [ /AD.EXTR1 ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@WWW.YOUPORN[1].TXT [ /WWW.YOUPORN ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@ADNETXCHANGE[1].TXT [ /ADNETXCHANGE ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@ADS.CRAKMEDIA[2].TXT [ /ADS.CRAKMEDIA ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@AD1.CHEFKOCH[2].TXT [ /AD1.CHEFKOCH ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@ADSERVER.ADWORXS[2].TXT [ 
/ADSERVER.ADWORXS ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@DEUTSCHEPOSTAG.112.2O7[1].TXT [ /DEUTSCHEPOSTAG.112.2O7 ] C:\USERS\xxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxx@AD.NCODE[2].TXT [ /AD.NCODE ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@AD.ADNET[2].TXT [ /AD.ADNET ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@HITBOX[2].TXT [ /HITBOX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@AD.71I[1].TXT [ /AD.71I ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@AD.CHEATBOX[2].TXT [ /AD.CHEATBOX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@ADS2.NET2DAY[1].TXT [ /ADS2.NET2DAY ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@MEDIAPLEX[1].TXT [ /MEDIAPLEX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@ADS.T-ONLINE[2].TXT [ /ADS.T-ONLINE ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@APMEBF[1].TXT [ /APMEBF ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@AD.ADITION[2].TXT [ /AD.ADITION ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@ADS.PLANETACTIVE[2].TXT [ /ADS.PLANETACTIVE ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@ADS.NET2DAY[1].TXT [ /ADS.NET2DAY ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxxxx@ADSERVER.71I[1].TXT [ /ADSERVER.71I ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADSERVER.EXTREME-GAMING[2].TXT [ /ADSERVER.EXTREME-GAMING ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@KOMTRACK[1].TXT [ /KOMTRACK ] 
C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.JINKADS[1].TXT [ /ADS.JINKADS ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.ADMEDIATE[1].TXT [ /ADS.ADMEDIATE ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@HITBOX[1].TXT [ /HITBOX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@AD.ADFILL[1].TXT [ /AD.ADFILL ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADSERVER.SEVENLOAD[2].TXT [ /ADSERVER.SEVENLOAD ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@AD.71I[2].TXT [ /AD.71I ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@AD.TRIPLEMIND[2].TXT [ /AD.TRIPLEMIND ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.ADSHOPPING[1].TXT [ /ADS.ADSHOPPING ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.HEIAS[1].TXT [ /ADS.HEIAS ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@TOPLIST[1].TXT [ /TOPLIST ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@COUNTER.TOP.CHEBRA[1].TXT [ /COUNTER.TOP.CHEBRA ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADSERVER.MOMO-NET[2].TXT [ /ADSERVER.MOMO-NET ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.IM-AUTO[1].TXT [ /ADS.IM-AUTO ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@AD.CHEATBOX[1].TXT [ /AD.CHEATBOX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.WIDGETBUCKS[2].TXT [ /ADS.WIDGETBUCKS ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@SERW.CLICKSOR[2].TXT [ /SERW.CLICKSOR ] 
C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@WWW.ADVERTEXADS[2].TXT [ /WWW.ADVERTEXADS ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS2.NET2DAY[2].TXT [ /ADS2.NET2DAY ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@MEDIAPLEX[2].TXT [ /MEDIAPLEX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ZANOX[2].TXT [ /ZANOX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@TRIBALFUSION[2].TXT [ /TRIBALFUSION ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@EHG-SYSTRAN.HITBOX[1].TXT [ /EHG-SYSTRAN.HITBOX ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@CZ11.CLICKZS[2].TXT [ /CZ11.CLICKZS ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@STATCOUNTER[1].TXT [ /STATCOUNTER ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@AD.SALEBROKER[2].TXT [ /AD.SALEBROKER ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@APMEBF[2].TXT [ /APMEBF ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@AD.UK.TANGOZEBRA[1].TXT [ /AD.UK.TANGOZEBRA ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.PLANETACTIVE[2].TXT [ /ADS.PLANETACTIVE ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ELITEPVPERS[2].TXT [ /ELITEPVPERS ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@A2.ADSERVER01[2].TXT [ /A2.ADSERVER01 ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADS.NET2DAY[1].TXT [ /ADS.NET2DAY 
] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@EUROS4CLICK[1].TXT [ /EUROS4CLICK ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@ADSERVER.71I[1].TXT [ /ADSERVER.71I ] C:\USERS\xxxxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxxxx@SPOXGMBH.112.2O7[1].TXT [ /SPOXGMBH.112.2O7 ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxx_USER@OLDFARTFUCKIN[1].TXT [ /OLDFARTFUCKIN ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxx_USER@WWW.MYFUCKINWIFE[3].TXT [ /WWW.MYFUCKINWIFE ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxx_USER@MYFUCKINWIFE[1].TXT [ /MYFUCKINWIFE ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxx_USER@REALMILFSEX[2].TXT [ /REALMILFSEX ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\xxxxx_USER@ADS.T-ONLINE[1].TXT [ /ADS.T-ONLINE ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@MEDIAPLEX[1].TXT [ /MEDIAPLEX ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@HMT.CONNEXPROMOTIONS[2].TXT [ /HMT.CONNEXPROMOTIONS ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@PARTNERS.WEBMASTERPLAN[1].TXT [ /PARTNERS.WEBMASTERPLAN ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@KOMTRACK[2].TXT [ /KOMTRACK ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@ADSERVER.71I[1].TXT [ /ADSERVER.71I ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@SERVING-SYS[2].TXT [ /SERVING-SYS ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@ALLESKLARCOMAG.112.2O7[1].TXT [ /ALLESKLARCOMAG.112.2O7 ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@ADS.T-ONLINE[1].TXT [ /ADS.T-ONLINE ] C:\USERS\xxxxx_USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxxx_USER@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ] 
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\yyyyyyy-PC$@XITI[1].TXT [ /XITI ] Frank |
30.05.2012, 09:13 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen8 – black screen, system error messages

Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Apart from that there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board as well), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest the next time Opera or Chromium starts, no cookies are left.

Is your system back in order now, or are there still other detections or problems?
__________________ Please always post log files in CODE tags |
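As an added illustration of the hosts-file approach recommended in the post above (not part of the thread, and not code from MVPS or any tool named here): a hosts file matches exact hostnames only, so this Python example extracts the hosts from scan-log cookie entries of the form `[ Cookie:user@host/path ]` and reports which of them a blocking hosts file actually covers. The sample log lines, the hosts entries, the `.example` domains and all function names are constructed for the example.

```python
import re

# Addresses commonly used in blocking hosts files to sink a hostname.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Matches the "[ Cookie:user@host/path ]" part of a scan-log entry.
# Entries without a "Cookie:user@host" part are skipped.
COOKIE_RE = re.compile(r"\[\s*Cookie:[^@\s\]]+@([^/\s\]]+)(?:/[^\s\]]*)?\s*\]")

# Constructed sample input (not taken from the thread).
SAMPLE_LOG = r"""
C:\USERS\user\Cookies\user@ads.tracker.example[1].txt [ Cookie:user@ads.tracker.example/ ]
C:\USERS\user\Cookies\user@tracker.example[2].txt [ Cookie:user@tracker.example/ ]
C:\USERS\user\Cookies\user@stats.counter.example[1].txt [ Cookie:user@stats.counter.example/cgi-bin ]
C:\USERS\user\Cookies\user@shop.example[1].txt [ Cookie:user@shop.example/cart/ ]
"""

# Constructed blocking hosts file.
SAMPLE_HOSTS = """
# constructed blocking hosts file
127.0.0.1 localhost
0.0.0.0 ads.tracker.example   # exact match for the first cookie host
0.0.0.0 counter.example
"""


def cookie_hosts(log_text):
    """Return the set of lower-cased hostnames named in cookie log entries."""
    return {m.group(1).lower().rstrip(".") for m in COOKIE_RE.finditer(log_text)}


def blocked_hosts(hosts_text):
    """Return the hostnames that a hosts file maps to a sink address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:                  # several names per line are allowed
            name = name.lower().rstrip(".")
            if name not in ("localhost", "localhost.localdomain"):
                blocked.add(name)
    return blocked


def coverage(log_text, hosts_text):
    """Classify each cookie host as 'blocked', 'parent-only' or 'unblocked'.

    'parent-only' means only a parent domain is listed. The hosts file has
    no wildcards, so that entry does not stop lookups for the subdomain.
    """
    blocked = blocked_hosts(hosts_text)
    result = {}
    for host in sorted(cookie_hosts(log_text)):
        if host in blocked:
            result[host] = "blocked"
            continue
        labels = host.split(".")
        # Parent domains of the host, excluding the bare top-level label.
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        result[host] = "parent-only" if parents & blocked else "unblocked"
    return result


if __name__ == "__main__":
    for host, state in coverage(SAMPLE_LOG, SAMPLE_HOSTS).items():
        print(f"{state:12} {host}")
```

Hosts reported as `parent-only` or `unblocked` each need their own line in the hosts file before the resolver stops looking them up.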
30.05.2012, 09:29 | #29 |
| TR/Crypt.ZPACK.Gen8 – black screen, system error messages

Hello Arne,

Thank you very much. The system looks good, nothing unusual. Thanks for the tips and of course for the help over the last few days.

One more question: how can I possibly increase security further, or could I have avoided this infection somehow?

Regards, Frank |
30.05.2012, 11:29 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen8 – black screen, system error messages

Then we're done! The programs that were used here can all be removed again.

CF can be removed via Start, Run with combofix /uninstall. Get back to me if there are any error messages with that.

You can also remove many tools with the help of OTL: please start OTL and click "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep a better overview in future of whether the installed programs are up to date, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |