
Pests of all kinds and how to combat them: TR/Crypt.ULPM.Gen

Windows 7
05.08.2012, 14:31   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
:OTL
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

05.08.2012, 22:23   #17
LaFilleUniqu

Yes, the computer was restarted and here is the log:

Code:
All processes killed
========== OTL ==========
Prefs.js: 2 removed from network.proxy.type
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *
->Temp folder emptied: 53796691 bytes
->Temporary Internet Files folder emptied: 105686074 bytes
->Java cache emptied: 12543773 bytes
->FireFox cache emptied: 1127790437 bytes
->Flash cache emptied: 63788 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 268388684 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 18093865 bytes
 
Total Files Cleaned = 1.547,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08052012_231510

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         


What did we just do there?
__________________


06.08.2012, 14:49   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy the contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

__________________

07.08.2012, 09:03   #19
LaFilleUniqu

Morning Arne,

here is the log:

Code:
09:58:55.0679 3440	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:58:55.0773 3440	============================================================
09:58:55.0773 3440	Current date / time: 2012/08/07 09:58:55.0773
09:58:55.0773 3440	SystemInfo:
09:58:55.0773 3440	
09:58:55.0773 3440	OS Version: 6.1.7601 ServicePack: 1.0
09:58:55.0773 3440	Product type: Workstation
09:58:55.0773 3440	ComputerName: *-VAIO
09:58:55.0773 3440	UserName: *
09:58:55.0773 3440	Windows directory: C:\Windows
09:58:55.0773 3440	System windows directory: C:\Windows
09:58:55.0773 3440	Running under WOW64
09:58:55.0773 3440	Processor architecture: Intel x64
09:58:55.0773 3440	Number of processors: 4
09:58:55.0773 3440	Page size: 0x1000
09:58:55.0773 3440	Boot type: Normal boot
09:58:55.0773 3440	============================================================
09:58:57.0379 3440	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:58:57.0379 3440	============================================================
09:58:57.0379 3440	\Device\Harddisk0\DR0:
09:58:57.0379 3440	MBR partitions:
09:58:57.0379 3440	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B44000, BlocksNum 0x32000
09:58:57.0379 3440	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B76000, BlocksNum 0x48CE22B0
09:58:57.0379 3440	============================================================
09:58:57.0411 3440	C: <-> \Device\Harddisk0\DR0\Partition1
09:58:57.0411 3440	============================================================
09:58:57.0411 3440	Initialize success
09:58:57.0411 3440	============================================================
09:59:30.0373 1700	============================================================
09:59:30.0373 1700	Scan started
09:59:30.0373 1700	Mode: Manual; SigCheck; TDLFS; 
09:59:30.0373 1700	============================================================
09:59:30.0919 1700	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:59:31.0075 1700	1394ohci - ok
09:59:31.0185 1700	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:59:31.0247 1700	ACDaemon - ok
09:59:31.0309 1700	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:59:31.0341 1700	ACPI - ok
09:59:31.0372 1700	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:59:31.0465 1700	AcpiPmi - ok
09:59:31.0637 1700	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:59:31.0668 1700	AdobeFlashPlayerUpdateSvc - ok
09:59:31.0762 1700	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:59:31.0809 1700	adp94xx - ok
09:59:31.0887 1700	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:59:31.0933 1700	adpahci - ok
09:59:31.0965 1700	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:59:31.0980 1700	adpu320 - ok
09:59:32.0011 1700	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:59:32.0167 1700	AeLookupSvc - ok
09:59:32.0230 1700	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:59:32.0323 1700	AFD - ok
09:59:32.0355 1700	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:59:32.0401 1700	agp440 - ok
09:59:32.0433 1700	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:59:32.0511 1700	ALG - ok
09:59:32.0557 1700	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:59:32.0589 1700	aliide - ok
09:59:32.0604 1700	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:59:32.0635 1700	amdide - ok
09:59:32.0682 1700	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:59:32.0745 1700	AmdK8 - ok
09:59:32.0776 1700	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
09:59:32.0838 1700	AmdPPM - ok
09:59:32.0885 1700	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:59:32.0916 1700	amdsata - ok
09:59:32.0963 1700	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:59:32.0994 1700	amdsbs - ok
09:59:33.0010 1700	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:59:33.0025 1700	amdxata - ok
09:59:33.0197 1700	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:59:33.0228 1700	AntiVirSchedulerService - ok
09:59:33.0275 1700	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:59:33.0306 1700	AntiVirService - ok
09:59:33.0384 1700	ApfiltrService  (d80cb25d90474c731c0d1312a6de3b13) C:\Windows\system32\drivers\Apfiltr.sys
09:59:33.0415 1700	ApfiltrService - ok
09:59:33.0462 1700	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:59:33.0665 1700	AppID - ok
09:59:33.0712 1700	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:59:33.0821 1700	AppIDSvc - ok
09:59:33.0852 1700	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:59:33.0961 1700	Appinfo - ok
09:59:34.0008 1700	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:59:34.0024 1700	arc - ok
09:59:34.0055 1700	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:59:34.0071 1700	arcsas - ok
09:59:34.0117 1700	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
09:59:34.0133 1700	ArcSoftKsUFilter - ok
09:59:34.0227 1700	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:59:34.0258 1700	aspnet_state - ok
09:59:34.0289 1700	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:59:34.0383 1700	AsyncMac - ok
09:59:34.0414 1700	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:59:34.0429 1700	atapi - ok
09:59:34.0476 1700	AthBTPort       (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
09:59:34.0492 1700	AthBTPort - ok
09:59:34.0554 1700	ATHDFU          (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
09:59:34.0570 1700	ATHDFU - ok
09:59:34.0632 1700	Atheros Bt&Wlan Coex Agent (650f111d5cda64c10ae4b9d1ba9d4fff) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
09:59:34.0648 1700	Atheros Bt&Wlan Coex Agent - ok
09:59:34.0695 1700	AtherosSvc      (4d643cd9e892e559355b7a77d532bd38) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
09:59:34.0710 1700	AtherosSvc - ok
09:59:34.0991 1700	athr            (c8679a07267f030704168e45e27c3d43) C:\Windows\system32\DRIVERS\athrx.sys
09:59:35.0147 1700	athr - ok
09:59:35.0319 1700	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:59:35.0428 1700	AudioEndpointBuilder - ok
09:59:35.0443 1700	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:59:35.0475 1700	AudioSrv - ok
09:59:35.0537 1700	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
09:59:35.0568 1700	avgntflt - ok
09:59:35.0615 1700	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
09:59:35.0646 1700	avipbb - ok
09:59:35.0677 1700	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
09:59:35.0709 1700	avkmgr - ok
09:59:35.0755 1700	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:59:35.0833 1700	AxInstSV - ok
09:59:35.0896 1700	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:59:35.0974 1700	b06bdrv - ok
09:59:36.0036 1700	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:59:36.0099 1700	b57nd60a - ok
09:59:36.0192 1700	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
09:59:36.0239 1700	BBSvc - ok
09:59:36.0270 1700	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:59:36.0333 1700	BDESVC - ok
09:59:36.0364 1700	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:59:36.0457 1700	Beep - ok
09:59:36.0551 1700	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:59:36.0660 1700	BFE - ok
09:59:36.0723 1700	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
09:59:36.0801 1700	BITS - ok
09:59:36.0863 1700	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
09:59:36.0910 1700	blbdrive - ok
09:59:36.0957 1700	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:59:37.0035 1700	bowser - ok
09:59:37.0066 1700	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:59:37.0113 1700	BrFiltLo - ok
09:59:37.0128 1700	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:59:37.0175 1700	BrFiltUp - ok
09:59:37.0222 1700	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:59:37.0315 1700	Browser - ok
09:59:37.0362 1700	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:59:37.0425 1700	Brserid - ok
09:59:37.0456 1700	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:59:37.0503 1700	BrSerWdm - ok
09:59:37.0518 1700	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:59:37.0581 1700	BrUsbMdm - ok
09:59:37.0581 1700	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:59:37.0612 1700	BrUsbSer - ok
09:59:37.0690 1700	BTATH_A2DP      (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
09:59:37.0721 1700	BTATH_A2DP - ok
09:59:37.0752 1700	btath_avdt      (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
09:59:37.0768 1700	btath_avdt - ok
09:59:37.0815 1700	BTATH_BUS       (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\drivers\btath_bus.sys
09:59:37.0830 1700	BTATH_BUS - ok
09:59:37.0893 1700	BTATH_HCRP      (a441b800e04cf8443faf519207563abb) C:\Windows\system32\drivers\btath_hcrp.sys
09:59:37.0924 1700	BTATH_HCRP - ok
09:59:37.0955 1700	BTATH_LWFLT     (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys
09:59:37.0986 1700	BTATH_LWFLT - ok
09:59:38.0033 1700	BTATH_RCP       (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\drivers\btath_rcp.sys
09:59:38.0064 1700	BTATH_RCP - ok
09:59:38.0158 1700	BtFilter        (6c4911b6fb92984fbef775674795cfa2) C:\Windows\system32\DRIVERS\btfilter.sys
09:59:38.0173 1700	BtFilter - ok
09:59:38.0236 1700	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:59:38.0298 1700	BthEnum - ok
09:59:38.0329 1700	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:59:38.0392 1700	BTHMODEM - ok
09:59:38.0439 1700	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:59:38.0501 1700	BthPan - ok
09:59:38.0579 1700	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
09:59:38.0641 1700	BTHPORT - ok
09:59:38.0688 1700	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:59:38.0751 1700	bthserv - ok
09:59:38.0782 1700	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
09:59:38.0797 1700	BTHUSB - ok
09:59:38.0844 1700	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:59:38.0922 1700	cdfs - ok
09:59:38.0953 1700	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
09:59:38.0985 1700	cdrom - ok
09:59:39.0031 1700	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:59:39.0125 1700	CertPropSvc - ok
09:59:39.0172 1700	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
09:59:39.0234 1700	circlass - ok
09:59:39.0297 1700	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:59:39.0328 1700	CLFS - ok
09:59:39.0390 1700	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:59:39.0437 1700	clr_optimization_v2.0.50727_32 - ok
09:59:39.0484 1700	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:59:39.0515 1700	clr_optimization_v2.0.50727_64 - ok
09:59:39.0593 1700	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:59:39.0609 1700	clr_optimization_v4.0.30319_32 - ok
09:59:39.0640 1700	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:59:39.0655 1700	clr_optimization_v4.0.30319_64 - ok
09:59:39.0702 1700	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
09:59:39.0765 1700	CmBatt - ok
09:59:39.0780 1700	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:59:39.0811 1700	cmdide - ok
09:59:39.0874 1700	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
09:59:39.0936 1700	CNG - ok
09:59:40.0061 1700	CnxtHdAudService (1f394df3714ed4280047810790e6df69) C:\Windows\system32\drivers\CHDRT64.sys
09:59:40.0155 1700	CnxtHdAudService - ok
09:59:40.0311 1700	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
09:59:40.0342 1700	Compbatt - ok
09:59:40.0373 1700	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:59:40.0435 1700	CompositeBus - ok
09:59:40.0451 1700	COMSysApp - ok
09:59:40.0467 1700	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:59:40.0498 1700	crcdisk - ok
09:59:40.0545 1700	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
09:59:40.0607 1700	CryptSvc - ok
09:59:40.0669 1700	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:59:40.0779 1700	DcomLaunch - ok
09:59:40.0825 1700	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:59:40.0935 1700	defragsvc - ok
09:59:40.0966 1700	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:59:41.0044 1700	DfsC - ok
09:59:41.0106 1700	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:59:41.0200 1700	Dhcp - ok
09:59:41.0231 1700	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:59:41.0309 1700	discache - ok
09:59:41.0340 1700	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
09:59:41.0371 1700	Disk - ok
09:59:41.0403 1700	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:59:41.0449 1700	Dnscache - ok
09:59:41.0496 1700	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:59:41.0559 1700	dot3svc - ok
09:59:41.0574 1700	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:59:41.0621 1700	DPS - ok
09:59:41.0668 1700	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:59:41.0715 1700	drmkaud - ok
09:59:41.0793 1700	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:59:41.0871 1700	DXGKrnl - ok
09:59:41.0917 1700	e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
09:59:41.0949 1700	e1yexpress - ok
09:59:41.0980 1700	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:59:42.0058 1700	EapHost - ok
09:59:42.0214 1700	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
09:59:42.0292 1700	ebdrv - ok
09:59:42.0417 1700	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:59:42.0479 1700	EFS - ok
09:59:42.0573 1700	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:59:42.0651 1700	ehRecvr - ok
09:59:42.0666 1700	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:59:42.0713 1700	ehSched - ok
09:59:42.0822 1700	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
09:59:42.0885 1700	elxstor - ok
09:59:42.0900 1700	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:59:42.0947 1700	ErrDev - ok
09:59:43.0009 1700	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:59:43.0119 1700	EventSystem - ok
09:59:43.0165 1700	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:59:43.0228 1700	exfat - ok
09:59:43.0259 1700	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:59:43.0306 1700	fastfat - ok
09:59:43.0384 1700	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:59:43.0446 1700	Fax - ok
09:59:43.0493 1700	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
09:59:43.0540 1700	fdc - ok
09:59:43.0571 1700	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:59:43.0665 1700	fdPHost - ok
09:59:43.0680 1700	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:59:43.0743 1700	FDResPub - ok
09:59:43.0789 1700	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:59:43.0821 1700	FileInfo - ok
09:59:43.0821 1700	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:59:43.0883 1700	Filetrace - ok
09:59:43.0914 1700	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
09:59:43.0930 1700	flpydisk - ok
09:59:43.0961 1700	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:59:43.0992 1700	FltMgr - ok
09:59:44.0086 1700	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
09:59:44.0179 1700	FontCache - ok
09:59:44.0257 1700	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:59:44.0289 1700	FontCache3.0.0.0 - ok
09:59:44.0335 1700	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:59:44.0382 1700	FsDepends - ok
09:59:44.0413 1700	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:59:44.0445 1700	Fs_Rec - ok
09:59:44.0491 1700	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:59:44.0554 1700	fvevol - ok
09:59:44.0616 1700	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
09:59:44.0663 1700	gagp30kx - ok
09:59:44.0725 1700	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:59:44.0803 1700	gpsvc - ok
09:59:44.0835 1700	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:59:44.0881 1700	hcw85cir - ok
09:59:44.0944 1700	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:59:45.0006 1700	HdAudAddService - ok
09:59:45.0053 1700	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:59:45.0100 1700	HDAudBus - ok
09:59:45.0147 1700	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
09:59:45.0193 1700	HidBatt - ok
09:59:45.0225 1700	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
09:59:45.0287 1700	HidBth - ok
09:59:45.0318 1700	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
09:59:45.0349 1700	HidIr - ok
09:59:45.0381 1700	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
09:59:45.0490 1700	hidserv - ok
09:59:45.0521 1700	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
09:59:45.0552 1700	HidUsb - ok
09:59:45.0599 1700	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:59:45.0708 1700	hkmsvc - ok
09:59:45.0739 1700	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:59:45.0771 1700	HomeGroupListener - ok
09:59:45.0802 1700	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:59:45.0833 1700	HomeGroupProvider - ok
09:59:45.0864 1700	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:59:45.0895 1700	HpSAMD - ok
09:59:45.0942 1700	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:59:46.0020 1700	HTTP - ok
09:59:46.0051 1700	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:59:46.0051 1700	hwpolicy - ok
09:59:46.0083 1700	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:59:46.0098 1700	i8042prt - ok
09:59:46.0145 1700	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
09:59:46.0176 1700	iaStor - ok
09:59:46.0270 1700	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:59:46.0285 1700	IAStorDataMgrSvc - ok
09:59:46.0363 1700	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:59:46.0426 1700	iaStorV - ok
09:59:46.0582 1700	IconMan_R       (6f3909a3d40cc9f4b28e03b027f918d8) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:59:46.0629 1700	IconMan_R ( UnsignedFile.Multi.Generic ) - warning
09:59:46.0629 1700	IconMan_R - detected UnsignedFile.Multi.Generic (1)
09:59:46.0785 1700	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:59:46.0863 1700	idsvc - ok
09:59:46.0956 1700	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
09:59:46.0987 1700	iirsp - ok
09:59:47.0050 1700	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:59:47.0128 1700	IKEEXT - ok
09:59:47.0159 1700	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:59:47.0175 1700	intelide - ok
09:59:47.0206 1700	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
09:59:47.0221 1700	intelppm - ok
09:59:47.0268 1700	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:59:47.0346 1700	IPBusEnum - ok
09:59:47.0362 1700	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:59:47.0409 1700	IpFilterDriver - ok
09:59:47.0471 1700	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:59:47.0565 1700	iphlpsvc - ok
09:59:47.0596 1700	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:59:47.0627 1700	IPMIDRV - ok
09:59:47.0658 1700	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:59:47.0721 1700	IPNAT - ok
09:59:47.0752 1700	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:59:47.0799 1700	IRENUM - ok
09:59:47.0830 1700	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:59:47.0861 1700	isapnp - ok
09:59:47.0908 1700	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:59:47.0939 1700	iScsiPrt - ok
09:59:48.0001 1700	IviRegMgr       (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:59:48.0033 1700	IviRegMgr - ok
09:59:48.0079 1700	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:59:48.0111 1700	kbdclass - ok
09:59:48.0142 1700	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:59:48.0189 1700	kbdhid - ok
09:59:48.0235 1700	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:59:48.0251 1700	KeyIso - ok
09:59:48.0298 1700	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
09:59:48.0329 1700	KSecDD - ok
09:59:48.0345 1700	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
09:59:48.0391 1700	KSecPkg - ok
09:59:48.0438 1700	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:59:48.0516 1700	ksthunk - ok
09:59:48.0579 1700	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:59:48.0672 1700	KtmRm - ok
09:59:48.0735 1700	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
09:59:48.0828 1700	LanmanServer - ok
09:59:48.0859 1700	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:59:48.0953 1700	LanmanWorkstation - ok
09:59:48.0984 1700	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:59:49.0062 1700	lltdio - ok
09:59:49.0109 1700	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:59:49.0171 1700	lltdsvc - ok
09:59:49.0187 1700	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:59:49.0234 1700	lmhosts - ok
09:59:49.0343 1700	LMS             (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:59:49.0374 1700	LMS - ok
09:59:49.0421 1700	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
09:59:49.0468 1700	LSI_FC - ok
09:59:49.0499 1700	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
09:59:49.0530 1700	LSI_SAS - ok
09:59:49.0546 1700	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
09:59:49.0577 1700	LSI_SAS2 - ok
09:59:49.0593 1700	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
09:59:49.0624 1700	LSI_SCSI - ok
09:59:49.0655 1700	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:59:49.0733 1700	luafv - ok
09:59:49.0795 1700	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
09:59:49.0827 1700	MBAMProtector - ok
09:59:49.0936 1700	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:59:49.0983 1700	MBAMService - ok
09:59:50.0029 1700	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:59:50.0076 1700	Mcx2Svc - ok
09:59:50.0107 1700	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
09:59:50.0139 1700	megasas - ok
09:59:50.0201 1700	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
09:59:50.0248 1700	MegaSR - ok
09:59:50.0279 1700	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
09:59:50.0295 1700	MEIx64 - ok
09:59:50.0341 1700	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:59:50.0419 1700	MMCSS - ok
09:59:50.0435 1700	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:59:50.0513 1700	Modem - ok
09:59:50.0544 1700	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:59:50.0607 1700	monitor - ok
09:59:50.0638 1700	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:59:50.0685 1700	mouclass - ok
09:59:50.0716 1700	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
09:59:50.0763 1700	mouhid - ok
09:59:50.0794 1700	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:59:50.0841 1700	mountmgr - ok
09:59:50.0934 1700	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:59:50.0965 1700	MozillaMaintenance - ok
09:59:51.0012 1700	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:59:51.0043 1700	mpio - ok
09:59:51.0075 1700	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:59:51.0153 1700	mpsdrv - ok
09:59:51.0215 1700	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:59:51.0293 1700	MpsSvc - ok
09:59:51.0324 1700	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:59:51.0355 1700	MRxDAV - ok
09:59:51.0387 1700	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:59:51.0418 1700	mrxsmb - ok
09:59:51.0449 1700	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:59:51.0480 1700	mrxsmb10 - ok
09:59:51.0511 1700	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:59:51.0527 1700	mrxsmb20 - ok
09:59:51.0558 1700	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:59:51.0574 1700	msahci - ok
09:59:51.0605 1700	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:59:51.0652 1700	msdsm - ok
09:59:51.0699 1700	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:59:51.0745 1700	MSDTC - ok
09:59:51.0777 1700	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:59:51.0870 1700	Msfs - ok
09:59:51.0901 1700	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:59:51.0964 1700	mshidkmdf - ok
09:59:51.0964 1700	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:59:51.0979 1700	msisadrv - ok
09:59:52.0011 1700	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:59:52.0089 1700	MSiSCSI - ok
09:59:52.0104 1700	msiserver - ok
09:59:52.0151 1700	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:59:52.0198 1700	MSKSSRV - ok
09:59:52.0198 1700	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:59:52.0245 1700	MSPCLOCK - ok
09:59:52.0260 1700	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:59:52.0291 1700	MSPQM - ok
09:59:52.0338 1700	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:59:52.0354 1700	MsRPC - ok
09:59:52.0385 1700	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:59:52.0385 1700	mssmbios - ok
09:59:52.0432 1700	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:59:52.0494 1700	MSTEE - ok
09:59:52.0510 1700	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
09:59:52.0525 1700	MTConfig - ok
09:59:52.0541 1700	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:59:52.0557 1700	Mup - ok
09:59:52.0603 1700	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:59:52.0650 1700	napagent - ok
09:59:52.0728 1700	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:59:52.0791 1700	NativeWifiP - ok
09:59:52.0853 1700	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:59:52.0884 1700	NDIS - ok
09:59:52.0900 1700	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:59:52.0947 1700	NdisCap - ok
09:59:52.0962 1700	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:59:52.0993 1700	NdisTapi - ok
09:59:53.0025 1700	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:59:53.0071 1700	Ndisuio - ok
09:59:53.0087 1700	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:59:53.0134 1700	NdisWan - ok
09:59:53.0134 1700	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:59:53.0165 1700	NDProxy - ok
09:59:53.0212 1700	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:59:53.0290 1700	NetBIOS - ok
09:59:53.0305 1700	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:59:53.0368 1700	NetBT - ok
09:59:53.0399 1700	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:59:53.0430 1700	Netlogon - ok
09:59:53.0477 1700	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:59:53.0571 1700	Netman - ok
09:59:53.0664 1700	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:53.0711 1700	NetMsmqActivator - ok
09:59:53.0711 1700	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:53.0742 1700	NetPipeActivator - ok
09:59:53.0789 1700	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:59:53.0883 1700	netprofm - ok
09:59:53.0883 1700	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:53.0898 1700	NetTcpActivator - ok
09:59:53.0898 1700	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:53.0914 1700	NetTcpPortSharing - ok
09:59:53.0992 1700	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:59:54.0023 1700	nfrd960 - ok
09:59:54.0070 1700	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:59:54.0148 1700	NlaSvc - ok
09:59:54.0163 1700	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:59:54.0195 1700	Npfs - ok
09:59:54.0210 1700	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:59:54.0257 1700	nsi - ok
09:59:54.0273 1700	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:59:54.0335 1700	nsiproxy - ok
09:59:54.0444 1700	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:59:54.0553 1700	Ntfs - ok
09:59:54.0647 1700	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:59:54.0741 1700	Null - ok
09:59:54.0772 1700	NVHDA           (f12e3ea0386ebc284c893611107c6a96) C:\Windows\system32\drivers\nvhda64v.sys
09:59:54.0787 1700	NVHDA - ok
09:59:55.0287 1700	nvlddmkm        (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:59:55.0443 1700	nvlddmkm - ok
09:59:55.0645 1700	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:59:55.0692 1700	nvraid - ok
09:59:55.0723 1700	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:59:55.0770 1700	nvstor - ok
09:59:55.0864 1700	NVSvc           (5a4af8ea634b4feeaf6f16bb1845715a) C:\Windows\system32\nvvsvc.exe
09:59:55.0911 1700	NVSvc - ok
09:59:55.0942 1700	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:59:55.0957 1700	nv_agp - ok
09:59:55.0989 1700	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:59:56.0020 1700	ohci1394 - ok
09:59:56.0129 1700	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:56.0145 1700	ose - ok
09:59:56.0457 1700	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:59:56.0550 1700	osppsvc - ok
09:59:56.0691 1700	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:59:56.0737 1700	p2pimsvc - ok
09:59:56.0784 1700	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:59:56.0831 1700	p2psvc - ok
09:59:56.0878 1700	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
09:59:56.0925 1700	Parport - ok
09:59:56.0971 1700	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:59:57.0018 1700	partmgr - ok
09:59:57.0049 1700	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:59:57.0112 1700	PcaSvc - ok
09:59:57.0143 1700	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:59:57.0190 1700	pci - ok
09:59:57.0221 1700	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:59:57.0252 1700	pciide - ok
09:59:57.0299 1700	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
09:59:57.0346 1700	pcmcia - ok
09:59:57.0361 1700	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:59:57.0393 1700	pcw - ok
09:59:57.0455 1700	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:59:57.0580 1700	PEAUTH - ok
09:59:57.0673 1700	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:59:57.0720 1700	PerfHost - ok
09:59:57.0798 1700	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:59:57.0892 1700	pla - ok
09:59:57.0939 1700	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:59:58.0001 1700	PlugPlay - ok
09:59:58.0126 1700	PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
09:59:58.0157 1700	PMBDeviceInfoProvider - ok
09:59:58.0188 1700	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:59:58.0235 1700	PNRPAutoReg - ok
09:59:58.0282 1700	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:59:58.0313 1700	PNRPsvc - ok
09:59:58.0375 1700	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:59:58.0469 1700	PolicyAgent - ok
09:59:58.0516 1700	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:59:58.0578 1700	Power - ok
09:59:58.0641 1700	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:59:58.0719 1700	PptpMiniport - ok
09:59:58.0750 1700	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
09:59:58.0765 1700	Processor - ok
09:59:58.0812 1700	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
09:59:58.0843 1700	ProfSvc - ok
09:59:58.0890 1700	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:59:58.0906 1700	ProtectedStorage - ok
09:59:58.0953 1700	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:59:59.0031 1700	Psched - ok
09:59:59.0093 1700	PSI_SVC_2       (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:59:59.0124 1700	PSI_SVC_2 - ok
09:59:59.0265 1700	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
09:59:59.0343 1700	ql2300 - ok
09:59:59.0499 1700	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
09:59:59.0545 1700	ql40xx - ok
09:59:59.0592 1700	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:59:59.0639 1700	QWAVE - ok
09:59:59.0655 1700	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:59:59.0686 1700	QWAVEdrv - ok
09:59:59.0701 1700	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:59:59.0764 1700	RasAcd - ok
09:59:59.0811 1700	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:59:59.0889 1700	RasAgileVpn - ok
09:59:59.0920 1700	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:59:59.0982 1700	RasAuto - ok
10:00:00.0013 1700	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:00:00.0060 1700	Rasl2tp - ok
10:00:00.0107 1700	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:00:00.0154 1700	RasMan - ok
10:00:00.0185 1700	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:00:00.0232 1700	RasPppoe - ok
10:00:00.0263 1700	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:00:00.0357 1700	RasSstp - ok
10:00:00.0388 1700	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:00:00.0450 1700	rdbss - ok
10:00:00.0466 1700	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:00:00.0497 1700	rdpbus - ok
10:00:00.0513 1700	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:00:00.0544 1700	RDPCDD - ok
10:00:00.0559 1700	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:00:00.0637 1700	RDPENCDD - ok
10:00:00.0669 1700	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:00:00.0700 1700	RDPREFMP - ok
10:00:00.0747 1700	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:00:00.0825 1700	RDPWD - ok
10:00:00.0856 1700	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:00:00.0903 1700	rdyboost - ok
10:00:00.0918 1700	regi            (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
10:00:00.0949 1700	regi - ok
10:00:00.0981 1700	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:00:01.0043 1700	RemoteAccess - ok
10:00:01.0090 1700	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:00:01.0137 1700	RemoteRegistry - ok
10:00:01.0183 1700	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:00:01.0230 1700	RFCOMM - ok
10:00:01.0261 1700	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:00:01.0339 1700	RpcEptMapper - ok
10:00:01.0371 1700	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:00:01.0417 1700	RpcLocator - ok
10:00:01.0464 1700	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:00:01.0527 1700	RpcSs - ok
10:00:01.0573 1700	RSPCIESTOR      (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
10:00:01.0589 1700	RSPCIESTOR - ok
10:00:01.0620 1700	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:00:01.0698 1700	rspndr - ok
10:00:01.0745 1700	RTL8167         (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:00:01.0792 1700	RTL8167 - ok
10:00:01.0854 1700	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:01.0885 1700	SamSs - ok
10:00:01.0917 1700	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:00:01.0963 1700	sbp2port - ok
10:00:02.0010 1700	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:00:02.0088 1700	SCardSvr - ok
10:00:02.0104 1700	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:00:02.0151 1700	scfilter - ok
10:00:02.0197 1700	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:00:02.0275 1700	Schedule - ok
10:00:02.0291 1700	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:00:02.0322 1700	SCPolicySvc - ok
10:00:02.0353 1700	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
10:00:02.0400 1700	sdbus - ok
10:00:02.0447 1700	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:00:02.0509 1700	SDRSVC - ok
10:00:02.0603 1700	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:00:02.0634 1700	SeaPort - ok
10:00:02.0665 1700	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:00:02.0728 1700	secdrv - ok
10:00:02.0775 1700	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:00:02.0853 1700	seclogon - ok
10:00:02.0884 1700	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:00:02.0931 1700	SENS - ok
10:00:02.0946 1700	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:00:02.0977 1700	SensrSvc - ok
10:00:03.0009 1700	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:00:03.0055 1700	Serenum - ok
10:00:03.0071 1700	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:00:03.0102 1700	Serial - ok
10:00:03.0149 1700	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:00:03.0180 1700	sermouse - ok
10:00:03.0227 1700	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:00:03.0305 1700	SessionEnv - ok
10:00:03.0321 1700	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
10:00:03.0367 1700	SFEP - ok
10:00:03.0383 1700	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:00:03.0414 1700	sffdisk - ok
10:00:03.0445 1700	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:00:03.0508 1700	sffp_mmc - ok
10:00:03.0539 1700	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:00:03.0586 1700	sffp_sd - ok
10:00:03.0617 1700	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:00:03.0664 1700	sfloppy - ok
10:00:03.0726 1700	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:00:03.0851 1700	SharedAccess - ok
10:00:03.0882 1700	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:00:03.0960 1700	ShellHWDetection - ok
10:00:03.0991 1700	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:00:04.0023 1700	SiSRaid2 - ok
10:00:04.0054 1700	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:00:04.0085 1700	SiSRaid4 - ok
10:00:04.0116 1700	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:00:04.0179 1700	Smb - ok
10:00:04.0225 1700	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:00:04.0257 1700	SNMPTRAP - ok
10:00:04.0350 1700	SOHCImp         (ddf2ec98af6fc70608a4f9ce4db52758) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
10:00:04.0381 1700	SOHCImp - ok
10:00:04.0397 1700	SOHDs           (5fa03f5ea6efef6d17b4a1a48c40a23c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
10:00:04.0428 1700	SOHDs - ok
10:00:04.0537 1700	SpfService      (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
10:00:04.0584 1700	SpfService - ok
10:00:04.0615 1700	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:00:04.0631 1700	spldr - ok
10:00:04.0678 1700	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:00:04.0740 1700	Spooler - ok
10:00:04.0896 1700	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:00:05.0005 1700	sppsvc - ok
10:00:05.0115 1700	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:00:05.0193 1700	sppuinotify - ok
10:00:05.0255 1700	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:00:05.0333 1700	srv - ok
10:00:05.0380 1700	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:00:05.0442 1700	srv2 - ok
10:00:05.0489 1700	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:00:05.0520 1700	srvnet - ok
10:00:05.0567 1700	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:00:05.0645 1700	SSDPSRV - ok
10:00:05.0661 1700	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:00:05.0707 1700	SstpSvc - ok
10:00:05.0832 1700	Stereo Service  (79969acaeebeda7dc3673656ab9918fd) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:00:05.0863 1700	Stereo Service - ok
10:00:05.0895 1700	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:00:05.0941 1700	stexstor - ok
10:00:06.0004 1700	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:00:06.0051 1700	stisvc - ok
10:00:06.0082 1700	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:00:06.0113 1700	swenum - ok
10:00:06.0160 1700	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:00:06.0222 1700	swprv - ok
10:00:06.0300 1700	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:00:06.0394 1700	SysMain - ok
10:00:06.0503 1700	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:00:06.0550 1700	TabletInputService - ok
10:00:06.0581 1700	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:00:06.0643 1700	TapiSrv - ok
10:00:06.0659 1700	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:00:06.0706 1700	TBS - ok
10:00:06.0940 1700	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:00:07.0018 1700	Tcpip - ok
10:00:07.0236 1700	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:00:07.0314 1700	TCPIP6 - ok
10:00:07.0439 1700	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:00:07.0548 1700	tcpipreg - ok
10:00:07.0579 1700	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:00:07.0626 1700	TDPIPE - ok
10:00:07.0657 1700	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:00:07.0689 1700	TDTCP - ok
10:00:07.0735 1700	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:00:07.0829 1700	tdx - ok
10:00:07.0876 1700	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:00:07.0891 1700	TermDD - ok
10:00:07.0954 1700	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:00:08.0032 1700	TermService - ok
10:00:08.0047 1700	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:00:08.0063 1700	Themes - ok
10:00:08.0079 1700	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:00:08.0125 1700	THREADORDER - ok
10:00:08.0157 1700	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:00:08.0250 1700	TrkWks - ok
10:00:08.0297 1700	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:00:08.0375 1700	TrustedInstaller - ok
10:00:08.0406 1700	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:00:08.0484 1700	tssecsrv - ok
10:00:08.0531 1700	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:00:08.0562 1700	TsUsbFlt - ok
10:00:08.0593 1700	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:00:08.0640 1700	TsUsbGD - ok
10:00:08.0687 1700	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:00:08.0765 1700	tunnel - ok
10:00:08.0812 1700	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:00:08.0827 1700	uagp35 - ok
10:00:08.0905 1700	uCamMonitor     (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
10:00:08.0921 1700	uCamMonitor - ok
10:00:08.0952 1700	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:00:09.0030 1700	udfs - ok
10:00:09.0061 1700	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:00:09.0093 1700	UI0Detect - ok
10:00:09.0124 1700	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:00:09.0155 1700	uliagpkx - ok
10:00:09.0202 1700	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:00:09.0249 1700	umbus - ok
10:00:09.0264 1700	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:00:09.0296 1700	UmPass - ok
10:00:09.0483 1700	UNS             (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:00:09.0545 1700	UNS - ok
10:00:09.0686 1700	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:00:09.0795 1700	upnphost - ok
10:00:09.0857 1700	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:00:09.0920 1700	usbccgp - ok
10:00:09.0951 1700	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:00:09.0982 1700	usbcir - ok
10:00:09.0998 1700	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:00:10.0029 1700	usbehci - ok
10:00:10.0076 1700	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:00:10.0138 1700	usbhub - ok
10:00:10.0169 1700	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:00:10.0216 1700	usbohci - ok
10:00:10.0263 1700	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:00:10.0310 1700	usbprint - ok
10:00:10.0341 1700	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:00:18.0858 1700	============================================================
10:00:18.0858 1700	Scan finished
10:00:18.0858 1700	============================================================
10:00:18.0874 1684	Detected object count: 1
10:00:18.0874 1684	Actual detected object count: 1
10:01:04.0457 1684	IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:04.0457 1684	IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

07.08.2012, 09:10   #20
LaFilleUniqu

Today, when I wanted to read your reply here, my computer first crashed with the following message (see attachment). After that, though, I was able to start the laptop in normal mode again. Does this have anything to do with my Trojan problems?

Attached image thumbnail:
TR/Crypt.ULPM.Gen-2012-08-07-07.47.04.jpg

08.08.2012, 13:19   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

04.10.2012, 17:57   #22
LaFilleUniqu

Hello,

I was out of the country, hence the very late reply.

Code:
ATTFilter
ComboFix 12-10-04.02 - *04.10.2012  18:47:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4284 [GMT 2:00]
ausgeführt von:: c:\users\*\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*\4.0
c:\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B54F3A7C-704E-4FC2-ABB6-B504FD3F2ED3}.xps
c:\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C887C678-59AB-4891-840C-EEBAD259FE46}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-04 bis 2012-10-04  ))))))))))))))))))))))))))))))
.
.
2012-10-04 16:51 . 2012-10-04 16:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-04 16:50 . 2012-10-04 16:50	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{04C2C943-ED08-4DFF-842C-B9D8D07F6212}\offreg.dll
2012-10-02 07:59 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{04C2C943-ED08-4DFF-842C-B9D8D07F6212}\mpengine.dll
2012-09-26 07:16 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-17 20:46 . 2012-09-17 20:46	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-13 20:01 . 2012-09-13 20:01	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-13 20:01 . 2012-09-13 20:01	--------	d-----r-	c:\program files (x86)\Skype
2012-09-12 19:57 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 19:57 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 19:57 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 19:57 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 19:57 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 19:57 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 19:57 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 08:11 . 2012-04-02 15:01	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 08:11 . 2012-01-22 11:02	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 19:18 . 2012-06-29 15:13	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-22 19:05	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-22 20:17	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-22 348664]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-03-31 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-31 259232]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-03-31 109216]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-03-31 166048]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 59040]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-03-31 283296]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-31 287392]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-17 114144]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-03-31 29344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-29 173160]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-29 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-29 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sony.eu/vaioportal
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\mypkmpg5.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-04  18:53:41
ComboFix-quarantined-files.txt  2012-10-04 16:53
.
Vor Suchlauf: 12 Verzeichnis(se), 564.749.115.392 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 564.474.548.224 Bytes frei
.
- - End Of File - - 4B278B0DE4554E2693F23F39C418BD94
         
Best regards

04.10.2012, 19:34   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't cooperate on the 2nd attempt either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.
__________________
Please always post log files in CODE tags

15.10.2012, 17:02   #24
LaFilleUniqu
 
TR/Crypt.ULPM.Gen - Standard

TR/Crypt.ULPM.Gen



Here is the log from GMER to start with...

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-15 17:54:55
Windows 6.1.7601 Service Pack 1 
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eba0ee4                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ec9c3d0                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eba0ee4 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ec9c3d0 (not active ControlSet)  
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ec9c3d0@3c5a378cf678         0xF5 0x34 0x4F 0x14 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ec9c3d0@3c5a378cf678             0xF5 0x34 0x4F 0x14 ...

---- EOF - GMER 1.0.15 ----
         

And OSAM
OSAM log file:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:21:42 on 15.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"regi" (regi) - "InterVideo" - C:\Windows\system32\drivers\regi.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
"ICQ7.7" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.7\ICQ.exe
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"ISBMgr.exe" - ? - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Atheros Bt&Wlan Coex Agent" (Atheros Bt&Wlan Coex Agent) - "Atheros" - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
"IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"VAIO Care Performance Service" (SampleCollector) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata Intelligent Network Service Manager" (VcmINSMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
"VAIO Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
"VAIO Entertainment Common Service" (SpfService) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
"VCService" (VCService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCService.exe
"VSNService" (VSNService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru




And now the third program:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-15 18:34:16
-----------------------------
18:34:16.454    OS Version: Windows x64 6.1.7601 Service Pack 1
18:34:16.454    Number of processors: 4 586 0x2A07
18:34:16.454    ComputerName: *-VAIO  UserName: *
18:34:17.343    Initialize success
18:34:22.756    AVAST engine defs: 12101500
18:34:43.722    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:34:43.722    Disk 0 Vendor: TOSHIBA_ GH01 Size: 610480MB BusType: 3
18:34:43.769    Disk 0 MBR read successfully
18:34:43.769    Disk 0 MBR scan
18:34:43.769    Disk 0 Windows 7 default MBR code
18:34:43.785    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13958 MB offset 2048
18:34:43.800    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 28590080
18:34:43.816    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       596420 MB offset 28794880
18:34:43.832    Disk 0 scanning C:\Windows\system32\drivers
18:34:54.206    Service scanning
18:35:31.692    Modules scanning
18:35:31.708    Disk 0 trace - called modules:
18:35:31.755    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:35:31.770    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006584060]
18:35:31.770    3 CLASSPNP.SYS[fffff880013ae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062f0050]
18:35:31.770    Scan finished successfully
18:35:59.975    Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"
18:35:59.975    The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"
         

Edited by LaFilleUniqu (15.10.2012 at 17:37)

15.10.2012, 18:09   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ULPM.Gen - Standard

TR/Crypt.ULPM.Gen



Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

15.10.2012, 20:10   #26
LaFilleUniqu
 
TR/Crypt.ULPM.Gen - Standard

TR/Crypt.ULPM.Gen



The log from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*:: *-VAIO [Administrator]

15.10.2012 20:06:15
mbam-log-2012-10-15 (20-06-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 321957
Laufzeit: 46 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
So, second log....

Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/15/2012 at 10:38 PM

Application Version : 5.6.1010

Core Rules Database Version : 9407
Trace Rules Database Version: 7219

Scan type       : Complete Scan
Total Scan Time : 01:21:21

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 684
Memory threats detected   : 0
Registry items scanned    : 72951
Registry threats detected : 0
File items scanned        : 133136
File threats detected     : 162

Adware.Tracking Cookie
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\I9Y7XYS5.txt [ /ad.yieldmanager.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\VYYJPCFX.txt [ /fastclick.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\EZSOOTYL.txt [ /zanox-affiliate.de ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\ZK894VZK.txt [ /apmebf.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\OI0CWFTF.txt [ /tracking.quisma.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\GYCO3LQ5.txt [ /ad.dyntracker.de ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\3RNQT3BD.txt [ /invitemedia.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\5SOAMLI2.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\UQYYTIT9.txt [ /questionmarket.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\GTKWWDV2.txt [ /adform.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\CR0UDPRZ.txt [ /zanox.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\O9SQSGHA.txt [ /server.adform.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\8S6AFMYP.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\LQ8IA5IN.txt [ /serving-sys.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\IWWFN7UY.txt [ /tradedoubler.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\RDYB53SA.txt [ /c.atdmt.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\G6LG0R4E.txt [ /bs.serving-sys.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\4RNFNQOL.txt [ /adfarm1.adition.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\0IJMYT2V.txt [ /unitymedia.de ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\9ZSP31TA.txt [ /adformdsp.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\ROBY7AQE.txt [ /doubleclick.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\Q4K3ZC0X.txt [ /imrworldwide.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\4P3YE6S7.txt [ /adtech.de ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\GD4NDTOQ.txt [ /track.adform.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\LL0LF0LN.txt [ /mediaplex.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\MSW65PDZ.txt [ /revsci.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\2QLT3K29.txt [ /smartadserver.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\ECS49GLK.txt [ /atdmt.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\VPBZ21MH.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\52TV7BK7.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\9V54HZTR.txt [ /ad.360yield.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\A25QXD4P.txt [ /ads.creative-serving.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\CQJTWXJV.txt [ /ad.zanox.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\PZEW62GO.txt [ /server.adformdsp.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\77SIYJTW.txt [ /www.zanox-affiliate.de ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\92T28U03.txt [ Cookie:*@fastclick.net/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3BGHJX7.txt [ Cookie:*@ad.yieldmanager.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\SWXV0TKB.txt [ Cookie:*@fl01.ct2.comclick.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@invitemedia[1].txt [ Cookie:*@invitemedia.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@zanox[1].txt [ Cookie:*@zanox.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ad2.adfarm1.adition[1].txt [ Cookie:*@ad2.adfarm1.adition.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@statse.webtrendslive[1].txt [ Cookie:*@statse.webtrendslive.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5HO8FRM.txt [ Cookie:*@adfarm1.adition.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@doubleclick[2].txt [ Cookie:*@doubleclick.net/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ad.zanox[1].txt [ Cookie:*@ad.zanox.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@2o7[1].txt [ Cookie:*@2o7.net/ ]
	C:\USERS\*\Cookies\I9Y7XYS5.txt [ Cookie:*@ad.yieldmanager.com/ ]
	C:\USERS\*\Cookies\VYYJPCFX.txt [ Cookie:*@fastclick.net/ ]
	C:\USERS\*\Cookies\EZSOOTYL.txt [ Cookie:*@zanox-affiliate.de/ ]
	C:\USERS\*\Cookies\OI0CWFTF.txt [ Cookie:*@tracking.quisma.com/ ]
	C:\USERS\*\Cookies\3RNQT3BD.txt [ Cookie:*@invitemedia.com/ ]
	C:\USERS\*\Cookies\5SOAMLI2.txt [ Cookie:*@ad1.adfarm1.adition.com/ ]
	C:\USERS\*\Cookies\GTKWWDV2.txt [ Cookie:*@adform.net/ ]
	C:\USERS\*\Cookies\CR0UDPRZ.txt [ Cookie:*@zanox.com/ ]
	C:\USERS\*\Cookies\8S6AFMYP.txt [ Cookie:*@ad2.adfarm1.adition.com/ ]
	C:\USERS\*\Cookies\LQ8IA5IN.txt [ Cookie:*@serving-sys.com/ ]
	C:\USERS\*\Cookies\IWWFN7UY.txt [ Cookie:*@tradedoubler.com/ ]
	C:\USERS\*\Cookies\G6LG0R4E.txt [ Cookie:*@bs.serving-sys.com/ ]
	C:\USERS\*\Cookies\4RNFNQOL.txt [ Cookie:*@adfarm1.adition.com/ ]
	C:\USERS\*\Cookies\ROBY7AQE.txt [ Cookie:*@doubleclick.net/ ]
	C:\USERS\*\Cookies\4P3YE6S7.txt [ Cookie:*@adtech.de/ ]
	C:\USERS\*\Cookies\GD4NDTOQ.txt [ Cookie:*@track.adform.net/ ]
	C:\USERS\*\Cookies\MSW65PDZ.txt [ Cookie:*@revsci.net/ ]
	C:\USERS\*\Cookies\2QLT3K29.txt [ Cookie:*@smartadserver.com/ ]
	C:\USERS\*\Cookies\VPBZ21MH.txt [ Cookie:*@ad3.adfarm1.adition.com/ ]
	C:\USERS\*\Cookies\52TV7BK7.txt [ Cookie:*@ad4.adfarm1.adition.com/ ]
	C:\USERS\*\Cookies\CQJTWXJV.txt [ Cookie:*@ad.zanox.com/ ]
	C:\USERS\*\Cookies\PZEW62GO.txt [ Cookie:*@server.adformdsp.net/ ]
	C:\USERS\*\Cookies\77SIYJTW.txt [ Cookie:*@www.zanox-affiliate.de/ ]
	oddcast.com [ C:\USERS\*\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\67QKZ28A ]
	s0.2mdn.net [ C:\USERS\*\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\67QKZ28A ]
	C:\USERS\*\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*@GOOGLEADS.G.DOUBLECLICK[1].TXT [ /GOOGLEADS.G.DOUBLECLICK ]
	C:\USERS\*\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*@ADX.CHIP[2].TXT [ /ADX.CHIP ]
	.rambler.ru [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYPKMPG5.DEFAULT\COOKIES.SQLITE ]
	.bwincom.122.2o7.net [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYPKMPG5.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYPKMPG5.DEFAULT\COOKIES.SQLITE ]
	topmedia.com [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYPKMPG5.DEFAULT\COOKIES.SQLITE ]
	topmedia.com [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYPKMPG5.DEFAULT\COOKIES.SQLITE ]
	.topmedia.com [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYPKMPG5.DEFAULT\COOKIES.SQLITE ]
What do I actually do with all these programs now? Can I uninstall all of them again?

16.10.2012, 13:43   #27
cosinus

Code:
UAC On - Limited User

How did you start SUPERAntiSpyware? Just by double-clicking?

Please run it exactly as described in the instructions!

Quote:
Quote from cosinus
Part 2: Running the program
The program has now been installed, and a shortcut should have been created on the desktop. After you start it, it will first check the update server for new malware signatures and install updates. Do NOT cancel this process!

Users of Windows Vista and Windows 7, please again start the tool via right-click => Run as administrator!
__________________
Please always post log files in CODE tags
16.10.2012, 16:21   #28
LaFilleUniqu

Hmm. I don't understand why it says that. I ran it as admin ^^ I've already uninstalled it. I'll go through the fun again.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/16/2012 at 06:39 PM

Application Version : 5.6.1010

Core Rules Database Version : 9412
Trace Rules Database Version: 7224

Scan type       : Complete Scan
Total Scan Time : 01:11:51

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 758
Memory threats detected   : 0
Registry items scanned    : 73080
Registry threats detected : 0
File items scanned        : 133219
File threats detected     : 162

Adware.Tracking Cookie

17.10.2012, 12:44   #29
cosinus

Looks OK, only cookies were found; they can all go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

My approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
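
The triage described in the post above (confirm that a SUPERAntiSpyware log lists nothing but tracking cookies, then see which of those hosts a hosts file already blocks), as an added example that is not part of the original posts. The sample log and hosts file are constructed with `*.example` placeholders, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SUPERAntiSpyware log posted above.
# All hosts are *.example placeholders; real logs indent entries with a tab.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Memory threats detected   : 0
Registry threats detected : 0
File threats detected     : 5

Adware.Tracking Cookie
    C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /ads.tracker.example ]
    C:\USERS\*\Cookies\BBBB2222.txt [ Cookie:*@ads.tracker.example/ ]
    tracker.example [ C:\USERS\*\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CCCC3333 ]
    .stats.example [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    .stats.example [ C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
"""

# Constructed hosts file with one blocklist entry.
SAMPLE_HOSTS = """127.0.0.1 localhost
0.0.0.0 ads.tracker.example  # constructed blocklist entry
"""

SUMMARY_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
ENTRY_RE = re.compile(r"^(?P<left>.+?) \[ (?P<right>.+) \]$")
COOKIE_CATEGORY = "Adware.Tracking Cookie"


def _domain(token):
    """Normalise '/host', 'Cookie:user@host/' or '.host' to a bare lower-case host."""
    token = token.strip()
    if token.startswith("Cookie:"):
        token = token.split("@", 1)[-1]
    return token.strip("/").lstrip(".").lower()


def _store(path):
    """Name the cookie store a finding lives in, judged by its path."""
    p = path.upper()
    if "#SHAREDOBJECTS" in p:
        return "flash"
    if p.endswith("COOKIES.SQLITE"):
        return "firefox"
    if "\\COOKIES\\" in p:
        return "ie"
    return "other"


def parse_log(text):
    """Return (summary counts, {category: [(host, store), ...]})."""
    counts, findings, category = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = SUMMARY_RE.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
            continue
        if not raw[:1].isspace():
            # Unindented lines after the summary block are category headers.
            category = line if "file" in counts else None
            continue
        m = ENTRY_RE.match(line.strip())
        if m and category:
            left, right = m.group("left"), m.group("right")
            # The log prints "path [ host ]" or "host [ path ]" depending on the store.
            path, host = (left, right) if re.match(r"^[A-Za-z]:\\", left) else (right, left)
            findings[category].append((_domain(host), _store(path)))
    return counts, dict(findings)


def triage(text):
    """Summarise whether the log contains anything besides tracking cookies."""
    counts, findings = parse_log(text)
    other = sorted(c for c in findings if c != COOKIE_CATEGORY)
    by_store = defaultdict(set)
    for host, store in findings.get(COOKIE_CATEGORY, []):
        by_store[store].add(host)
    return {
        "cookies_only": not other and not counts.get("memory") and not counts.get("registry"),
        "count_matches": sum(len(v) for v in findings.values()) == counts.get("file"),
        "non_cookie_categories": other,
        "domains_by_store": {s: sorted(h) for s, h in by_store.items()},
    }


def not_blocked(domains, hosts_text):
    """Hosts from the log that the hosts file does not list.
    A hosts file matches exact host names only, never subdomains or parent domains."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in fields[1:])
    return sorted(d for d in domains if d not in blocked)
```
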

18.10.2012, 08:45   #30
LaFilleUniqu

Thank you very much!

I've installed Cookie Culler, but unfortunately I'm too dumb to find these settings.... When I look under "Add-ons", I do find Cookie Culler under "Extensions", but I can only select one option, "Delete Unprotected Cookies on Startup". But where can I protect sites?

The only problem is that now and then the PC doesn't boot up completely and I then have to choose "Start Windows normally". That has only been happening since this trojan.

Also, I still have the trojan from the first scan in quarantine in Avira. Do I still need to do anything about that?
