Log analysis and evaluation: Trojan Searchnu - http://www.searchnu.com/413?tag=newtab
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
13.08.2012, 17:15 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-722066157-1209004584-819911206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-722066157-1209004584-819911206-1000\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-722066157-1209004584-819911206-1000\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-722066157-1209004584-819911206-1000\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-722066157-1209004584-819911206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-722066157-1209004584-819911206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0564190b-3e3f-11df-844a-00269ea1672c}\Shell - "" = AutoRun
O33 - MountPoints2\{0564190b-3e3f-11df-844a-00269ea1672c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{31da5220-fbe6-11e0-865a-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{31da5220-fbe6-11e0-865a-001e101fa1f5}\Shell\AutoRun\command - "" = H:\Installer.exe
O33 - MountPoints2\{3b36dcac-aca4-11e0-8dad-00269ea1672c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b36dcac-aca4-11e0-8dad-00269ea1672c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3b36dcbc-aca4-11e0-8dad-00269ea1672c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b36dcbc-aca4-11e0-8dad-00269ea1672c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{430025b9-1671-11e1-83b4-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{430025b9-1671-11e1-83b4-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{713b3552-fce9-11e0-8632-00269ea1672c}\Shell - "" = AutoRun
O33 - MountPoints2\{713b3552-fce9-11e0-8632-00269ea1672c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98698422-2b2d-11e1-8ff5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{98698422-2b2d-11e1-8ff5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9
:Files
C:\Program Files (x86)\Windows Searchqu Toolbar
C:\Users\Ninchen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Ninchen\Downloads\Setup74_FreeFlvConverter.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
13.08.2012, 23:08 | #17 |
| Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found.
HKU\S-1-5-21-722066157-1209004584-819911206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-722066157-1209004584-819911206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found.
Registry key HKEY_USERS\S-1-5-21-722066157-1209004584-819911206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found.
Registry key HKEY_USERS\S-1-5-21-722066157-1209004584-819911206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle not found.
Registry value HKEY_USERS\S-1-5-21-722066157-1209004584-819911206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-722066157-1209004584-819911206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0564190b-3e3f-11df-844a-00269ea1672c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0564190b-3e3f-11df-844a-00269ea1672c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0564190b-3e3f-11df-844a-00269ea1672c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0564190b-3e3f-11df-844a-00269ea1672c}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31da5220-fbe6-11e0-865a-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31da5220-fbe6-11e0-865a-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31da5220-fbe6-11e0-865a-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31da5220-fbe6-11e0-865a-001e101fa1f5}\ not found.
File H:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b36dcac-aca4-11e0-8dad-00269ea1672c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b36dcac-aca4-11e0-8dad-00269ea1672c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b36dcac-aca4-11e0-8dad-00269ea1672c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b36dcac-aca4-11e0-8dad-00269ea1672c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b36dcbc-aca4-11e0-8dad-00269ea1672c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b36dcbc-aca4-11e0-8dad-00269ea1672c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b36dcbc-aca4-11e0-8dad-00269ea1672c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b36dcbc-aca4-11e0-8dad-00269ea1672c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{430025b9-1671-11e1-83b4-001e101f2c0e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{430025b9-1671-11e1-83b4-001e101f2c0e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{430025b9-1671-11e1-83b4-001e101f2c0e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{430025b9-1671-11e1-83b4-001e101f2c0e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{713b3552-fce9-11e0-8632-00269ea1672c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{713b3552-fce9-11e0-8632-00269ea1672c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{713b3552-fce9-11e0-8632-00269ea1672c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{713b3552-fce9-11e0-8632-00269ea1672c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98698422-2b2d-11e1-8ff5-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98698422-2b2d-11e1-8ff5-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98698422-2b2d-11e1-8ff5-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98698422-2b2d-11e1-8ff5-001e101fa1f5}\ not found.
File F:\AutoRun.exe not found.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Windows Searchqu Toolbar not found.
File\Folder C:\Users\Ninchen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
C:\Users\Ninchen\Downloads\Setup74_FreeFlvConverter.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ninchen
->Temp folder emptied: 1317162984 bytes
->Temporary Internet Files folder emptied: 34404132 bytes
->Java cache emptied: 32676636 bytes
->FireFox cache emptied: 773015380 bytes
->Flash cache emptied: 3086240 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 348614457 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045802 bytes
RecycleBin emptied: 283807457 bytes
Total Files Cleaned = 2.698,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Ninchen
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08132012_235801
Files\Folders moved on Reboot...
C:\Users\Ninchen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Ninchen\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot... |
14.08.2012, 15:23 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ |
14.08.2012, 21:52 | #19 |
| Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Code:
dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:49:44.0182 3068 ebdrv - ok 22:49:44.0212 3068 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe 22:49:44.0232 3068 EFS - ok 22:49:44.0312 3068 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:49:44.0372 3068 ehRecvr - ok 22:49:44.0402 3068 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe 22:49:44.0452 3068 ehSched - ok 22:49:44.0492 3068 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:49:44.0532 3068 elxstor - ok 22:49:44.0562 3068 [ 524c79054636d2e5751169005006460b ] enecir C:\Windows\system32\DRIVERS\enecir.sys 22:49:44.0592 3068 enecir - ok 22:49:44.0612 3068 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:49:44.0662 3068 ErrDev - ok 22:49:44.0712 3068 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll 22:49:44.0792 3068 EventSystem - ok 22:49:44.0852 3068 [ 23b79b19f49a037eba4a9a3bb03ed91d ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 22:49:44.0892 3068 ewusbnet - ok 22:49:44.0942 3068 [ e2cbb821c7cae0ef8b56de28ed85c740 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 22:49:45.0002 3068 ew_hwusbdev - ok 22:49:45.0043 3068 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys 22:49:45.0143 3068 exfat - ok 22:49:45.0173 3068 ezSharedSvc - ok 22:49:45.0193 3068 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:49:45.0253 3068 fastfat - ok 22:49:45.0333 3068 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe 22:49:45.0393 3068 Fax - ok 22:49:45.0423 3068 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:49:45.0453 3068 fdc - ok 22:49:45.0523 3068 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:49:45.0613 3068 fdPHost - ok 22:49:45.0623 3068 [ 
802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:49:45.0693 3068 FDResPub - ok 22:49:45.0713 3068 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:49:45.0733 3068 FileInfo - ok 22:49:45.0753 3068 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:49:45.0803 3068 Filetrace - ok 22:49:45.0823 3068 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:49:45.0843 3068 flpydisk - ok 22:49:45.0893 3068 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:49:45.0933 3068 FltMgr - ok 22:49:45.0993 3068 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll 22:49:46.0073 3068 FontCache - ok 22:49:46.0135 3068 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:49:46.0165 3068 FontCache3.0.0.0 - ok 22:49:46.0195 3068 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:49:46.0215 3068 FsDepends - ok 22:49:46.0255 3068 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:49:46.0285 3068 Fs_Rec - ok 22:49:46.0335 3068 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:49:46.0385 3068 fvevol - ok 22:49:46.0415 3068 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:49:46.0435 3068 gagp30kx - ok 22:49:46.0485 3068 [ c44d560e441f091ea3b72f778ec60de2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 22:49:46.0515 3068 GameConsoleService - ok 22:49:46.0575 3068 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:49:46.0605 3068 GEARAspiWDM - ok 22:49:46.0645 3068 [ a4198f2bd8aa592cb90476277a81b5e1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 22:49:46.0675 3068 ggflt - ok 
22:49:46.0725 3068 [ d266350bdaab9eb6c1aec370eeaaff3a ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 22:49:46.0755 3068 ggsemc - ok 22:49:46.0805 3068 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll 22:49:46.0895 3068 gpsvc - ok 22:49:46.0925 3068 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:49:46.0955 3068 hcw85cir - ok 22:49:47.0005 3068 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:49:47.0035 3068 HdAudAddService - ok 22:49:47.0065 3068 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:49:47.0105 3068 HDAudBus - ok 22:49:47.0105 3068 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:49:47.0125 3068 HidBatt - ok 22:49:47.0155 3068 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:49:47.0185 3068 HidBth - ok 22:49:47.0215 3068 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:49:47.0255 3068 HidIr - ok 22:49:47.0295 3068 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll 22:49:47.0365 3068 hidserv - ok 22:49:47.0415 3068 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:49:47.0455 3068 HidUsb - ok 22:49:47.0495 3068 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:49:47.0595 3068 hkmsvc - ok 22:49:47.0635 3068 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:49:47.0695 3068 HomeGroupListener - ok 22:49:47.0745 3068 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:49:47.0785 3068 HomeGroupProvider - ok 22:49:47.0845 3068 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 22:49:47.0875 3068 HP Support Assistant Service - ok 22:49:47.0925 3068 
[ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 22:49:47.0955 3068 HPDrvMntSvc.exe - ok 22:49:47.0985 3068 [ 05712fddbd45a5864eb326faabc6a4e3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 22:49:48.0015 3068 hpdskflt - ok 22:49:48.0145 3068 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 22:49:48.0165 3068 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 22:49:48.0165 3068 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 22:49:48.0205 3068 [ f3f72a2a86c22610bca5439fa789dd52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 22:49:48.0225 3068 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 22:49:48.0225 3068 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 22:49:48.0245 3068 [ 9af482d058be59cc28bce52e7c4b747c ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 22:49:48.0275 3068 HpqKbFiltr - ok 22:49:48.0345 3068 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 22:49:48.0395 3068 hpqwmiex - ok 22:49:48.0425 3068 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:49:48.0445 3068 HpSAMD - ok 22:49:48.0535 3068 [ d972f48d0ce396759b788693cd665926 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 22:49:48.0575 3068 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 22:49:48.0575 3068 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 22:49:48.0615 3068 [ aa036cc5f5221d9b915f4d4dce74ba9a ] hpsrv C:\Windows\system32\Hpservice.exe 22:49:48.0645 3068 hpsrv - ok 22:49:48.0705 3068 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:49:48.0785 3068 HTTP - ok 22:49:48.0835 3068 [ 08b1a06a55f068a17a51ba26618cf50f ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 22:49:48.0885 3068 huawei_enumerator - ok 22:49:48.0935 3068 [ 6e5cd3984742a922d0c183c7e82c3c94 ] 
hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 22:49:48.0995 3068 hwdatacard - ok 22:49:49.0026 3068 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:49:49.0066 3068 hwpolicy - ok 22:49:49.0106 3068 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:49:49.0126 3068 i8042prt - ok 22:49:49.0166 3068 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:49:49.0196 3068 iaStorV - ok 22:49:49.0256 3068 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:49:49.0306 3068 idsvc - ok 22:49:49.0496 3068 [ a87261ef1546325b559374f5689cf5bc ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:49:49.0628 3068 igfx - ok 22:49:49.0648 3068 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:49:49.0668 3068 iirsp - ok 22:49:49.0730 3068 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll 22:49:49.0802 3068 IKEEXT - ok 22:49:49.0832 3068 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys 22:49:49.0852 3068 intelide - ok 22:49:49.0872 3068 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:49:49.0882 3068 intelppm - ok 22:49:49.0912 3068 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:49:49.0952 3068 IPBusEnum - ok 22:49:49.0990 3068 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:49:50.0024 3068 IpFilterDriver - ok 22:49:50.0059 3068 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:49:50.0108 3068 iphlpsvc - ok 22:49:50.0128 3068 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:49:50.0148 3068 IPMIDRV - ok 22:49:50.0178 3068 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 
22:49:50.0248 3068 IPNAT - ok 22:49:50.0420 3068 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:49:50.0460 3068 iPod Service - ok 22:49:50.0512 3068 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:49:50.0552 3068 IRENUM - ok 22:49:50.0582 3068 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:49:50.0602 3068 isapnp - ok 22:49:50.0632 3068 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:49:50.0652 3068 iScsiPrt - ok 22:49:50.0702 3068 [ f8844b00c10e386c704c610e95a9847d ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 22:49:50.0732 3068 JMCR - ok 22:49:50.0762 3068 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:49:50.0782 3068 kbdclass - ok 22:49:50.0792 3068 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:49:50.0832 3068 kbdhid - ok 22:49:50.0852 3068 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe 22:49:50.0862 3068 KeyIso - ok 22:49:50.0902 3068 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:49:50.0922 3068 KSecDD - ok 22:49:50.0952 3068 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:49:50.0972 3068 KSecPkg - ok 22:49:51.0002 3068 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:49:51.0090 3068 ksthunk - ok 22:49:51.0124 3068 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll 22:49:51.0174 3068 KtmRm - ok 22:49:51.0214 3068 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:49:51.0314 3068 LanmanServer - ok 22:49:51.0364 3068 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:49:51.0484 3068 LanmanWorkstation - ok 22:49:51.0574 3068 [ 83d8be94e1cbcbe2ea8372db1a95a159 ] LightScribeService 
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 22:49:51.0604 3068 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 22:49:51.0604 3068 LightScribeService - detected UnsignedFile.Multi.Generic (1) 22:49:51.0624 3068 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:49:51.0734 3068 lltdio - ok 22:49:51.0764 3068 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:49:51.0884 3068 lltdsvc - ok 22:49:51.0904 3068 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:49:51.0964 3068 lmhosts - ok 22:49:51.0984 3068 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:49:52.0014 3068 LSI_FC - ok 22:49:52.0034 3068 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:49:52.0065 3068 LSI_SAS - ok 22:49:52.0075 3068 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:49:52.0095 3068 LSI_SAS2 - ok 22:49:52.0105 3068 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:49:52.0125 3068 LSI_SCSI - ok 22:49:52.0165 3068 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys 22:49:52.0255 3068 luafv - ok 22:49:52.0325 3068 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:49:52.0365 3068 MBAMProtector - ok 22:49:52.0465 3068 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:49:52.0515 3068 MBAMService - ok 22:49:52.0575 3068 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:49:52.0625 3068 Mcx2Svc - ok 22:49:52.0705 3068 [ 7cf1b716372b89568ae4c0fe769f5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 22:49:52.0755 3068 MDM ( UnsignedFile.Multi.Generic ) - warning 22:49:52.0755 3068 MDM - detected UnsignedFile.Multi.Generic (1) 22:49:52.0805 
3068 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:49:52.0835 3068 megasas - ok 22:49:52.0865 3068 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:49:52.0895 3068 MegaSR - ok 22:49:52.0925 3068 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll 22:49:53.0005 3068 MMCSS - ok 22:49:53.0045 3068 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:49:53.0095 3068 Modem - ok 22:49:53.0115 3068 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:49:53.0135 3068 monitor - ok 22:49:53.0165 3068 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:49:53.0185 3068 mouclass - ok 22:49:53.0205 3068 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:49:53.0225 3068 mouhid - ok 22:49:53.0265 3068 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:49:53.0305 3068 mountmgr - ok 22:49:53.0395 3068 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:49:53.0425 3068 MozillaMaintenance - ok 22:49:53.0445 3068 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:49:53.0475 3068 mpio - ok 22:49:53.0495 3068 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:49:53.0565 3068 mpsdrv - ok 22:49:53.0625 3068 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:49:53.0715 3068 MpsSvc - ok 22:49:53.0755 3068 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:49:53.0805 3068 MRxDAV - ok 22:49:53.0845 3068 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:49:53.0895 3068 mrxsmb - ok 22:49:53.0945 3068 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:49:54.0005 3068 mrxsmb10 - ok 22:49:54.0035 3068 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:49:54.0075 3068 mrxsmb20 - ok 22:49:54.0104 3068 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:49:54.0117 3068 msahci - ok 22:49:54.0147 3068 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:49:54.0167 3068 msdsm - ok 22:49:54.0187 3068 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe 22:49:54.0227 3068 MSDTC - ok 22:49:54.0267 3068 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:49:54.0317 3068 Msfs - ok 22:49:54.0327 3068 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:49:54.0377 3068 mshidkmdf - ok 22:49:54.0397 3068 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:49:54.0417 3068 msisadrv - ok 22:49:54.0447 3068 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:49:54.0497 3068 MSiSCSI - ok 22:49:54.0497 3068 msiserver - ok 22:49:54.0527 3068 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:49:54.0607 3068 MSKSSRV - ok 22:49:54.0617 3068 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:49:54.0697 3068 MSPCLOCK - ok 22:49:54.0717 3068 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:49:54.0767 3068 MSPQM - ok 22:49:54.0807 3068 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:49:54.0847 3068 MsRPC - ok 22:49:54.0867 3068 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:49:54.0887 3068 mssmbios - ok 22:49:54.0917 3068 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:49:54.0987 3068 MSTEE - ok 22:49:55.0017 3068 [ 
7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:49:55.0037 3068 MTConfig - ok 22:49:55.0047 3068 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:49:55.0067 3068 Mup - ok 22:49:55.0117 3068 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll 22:49:55.0207 3068 napagent - ok 22:49:55.0257 3068 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:49:55.0287 3068 NativeWifiP - ok 22:49:55.0347 3068 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys 22:49:55.0407 3068 NDIS - ok 22:49:55.0417 3068 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:49:55.0477 3068 NdisCap - ok 22:49:55.0507 3068 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:49:55.0557 3068 NdisTapi - ok 22:49:55.0587 3068 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:49:55.0647 3068 Ndisuio - ok 22:49:55.0687 3068 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:49:55.0747 3068 NdisWan - ok 22:49:55.0777 3068 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:49:55.0897 3068 NDProxy - ok 22:49:55.0977 3068 [ d5ac41ae382738483faffbd7e373d49a ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 22:49:55.0997 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:49:55.0997 3068 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:49:56.0037 3068 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:49:56.0109 3068 NetBIOS - ok 22:49:56.0149 3068 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:49:56.0219 3068 NetBT - ok 22:49:56.0239 3068 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe 22:49:56.0259 3068 Netlogon - ok 22:49:56.0289 3068 
[ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll 22:49:56.0359 3068 Netman - ok 22:49:56.0379 3068 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll 22:49:56.0459 3068 netprofm - ok 22:49:56.0489 3068 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:49:56.0509 3068 NetTcpPortSharing - ok 22:49:56.0679 3068 [ 64428dfdaf6e88366cb51f45a79c5f69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 22:49:56.0829 3068 netw5v64 - ok 22:49:56.0859 3068 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:49:56.0879 3068 nfrd960 - ok 22:49:56.0919 3068 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:49:57.0039 3068 NlaSvc - ok 22:49:57.0089 3068 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:49:57.0139 3068 Npfs - ok 22:49:57.0149 3068 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:49:57.0199 3068 nsi - ok 22:49:57.0219 3068 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:49:57.0259 3068 nsiproxy - ok 22:49:57.0339 3068 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:49:57.0419 3068 Ntfs - ok 22:49:57.0429 3068 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys 22:49:57.0469 3068 Null - ok 22:49:57.0489 3068 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:49:57.0509 3068 nvraid - ok 22:49:57.0529 3068 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:49:57.0549 3068 nvstor - ok 22:49:57.0579 3068 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:49:57.0619 3068 nv_agp - ok 22:49:57.0699 3068 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft 
Shared\OFFICE12\ODSERV.EXE 22:49:57.0749 3068 odserv - ok 22:49:57.0789 3068 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:49:57.0829 3068 ohci1394 - ok 22:49:57.0869 3068 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:49:57.0899 3068 ose - ok 22:49:57.0939 3068 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:49:57.0979 3068 p2pimsvc - ok 22:49:57.0999 3068 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:49:58.0029 3068 p2psvc - ok 22:49:58.0059 3068 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:49:58.0079 3068 Parport - ok 22:49:58.0119 3068 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:49:58.0139 3068 partmgr - ok 22:49:58.0149 3068 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:49:58.0179 3068 PcaSvc - ok 22:49:58.0209 3068 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 22:49:58.0229 3068 pci - ok 22:49:58.0239 3068 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 22:49:58.0259 3068 pciide - ok 22:49:58.0269 3068 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:49:58.0299 3068 pcmcia - ok 22:49:58.0319 3068 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:49:58.0339 3068 pcw - ok 22:49:58.0369 3068 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:49:58.0449 3068 PEAUTH - ok 22:49:58.0569 3068 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:49:58.0609 3068 PerfHost - ok 22:49:58.0699 3068 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 22:49:58.0799 3068 pla - ok 22:49:58.0839 3068 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay 
C:\Windows\system32\umpnpmgr.dll 22:49:58.0879 3068 PlugPlay - ok 22:49:58.0959 3068 [ 37f6046cdc630442d7dc087501ff6fc6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 22:49:58.0979 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:49:58.0979 3068 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:49:58.0989 3068 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:49:59.0049 3068 PNRPAutoReg - ok 22:49:59.0081 3068 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:49:59.0101 3068 PNRPsvc - ok 22:49:59.0141 3068 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:49:59.0201 3068 PolicyAgent - ok 22:49:59.0231 3068 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 22:49:59.0321 3068 Power - ok 22:49:59.0361 3068 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:49:59.0441 3068 PptpMiniport - ok 22:49:59.0471 3068 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:49:59.0481 3068 Processor - ok 22:49:59.0531 3068 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:49:59.0571 3068 ProfSvc - ok 22:49:59.0581 3068 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:49:59.0621 3068 ProtectedStorage - ok 22:49:59.0671 3068 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:49:59.0751 3068 Psched - ok 22:49:59.0811 3068 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:49:59.0891 3068 ql2300 - ok 22:49:59.0901 3068 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:49:59.0921 3068 ql40xx - ok 22:49:59.0941 3068 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 22:49:59.0971 3068 QWAVE - ok 22:50:00.0001 3068 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv 
============================================================
22:50:17.0201 3068 Scan finished
22:50:17.0201 3068 ============================================================
22:50:17.0221 6136 Detected object count: 8
22:50:17.0221 6136 Actual detected object count: 8
22:51:03.0660 6136 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0660 6136 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0660 6136 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0660 6136 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0660 6136 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0660 6136 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0670 6136 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0670 6136 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0670 6136 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0670 6136 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0680 6136 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0680 6136 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0680 6136 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0680 6136 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:03.0690 6136 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:03.0690 6136 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15.08.2012, 19:26 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
16.08.2012, 00:04 | #21 |
| Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Combofix log file: Code:
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568] R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 254528] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264] S2 
AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224] S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 76288] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 02:12] . 
2012-08-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1ddbee62-2b5b-4452-b38a-abcaade39472.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2012-08-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d9daa13f-20d9-4414-8e1f-10430e1847dd.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 171520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = IE: Free YouTube to MP3 Converter - c:\users\Ninchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{001356F1-282B-4474-A508-3CDE2CA5263C}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{21DB8336-6CDB-41BC-ABA8-AD59EEBD68BF}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{5ACF2B2B-E010-4008-89CC-AEB006EEB631}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{CF27DC44-C0C5-47FC-BB45-E8915C78496B}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\Ninchen\AppData\Roaming\Mozilla\Firefox\Profiles\bx65q5dw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-Sony PC Companion - c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe . 
************************************************************************** . Zeit der Fertigstellung: 2012-08-16 00:52:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-15 22:52 . Vor Suchlauf: 10 Verzeichnis(se), 204.652.298.240 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 203.890.774.016 Bytes frei . - - End Of File - - BDDBC04FC68E75F7E4117BA4C9EE8E46

One more thing: I was just writing an email when the window suddenly closed and the laptop shut down and restarted as if by an unseen hand. That is new... About 15 minutes earlier the browser window had already closed by itself once, but without a restart. When I tried to log in to my email inbox, I could not click the button I wanted at first, because the cursor "jumped" somewhere else. (Just mentioning that in passing, as information.) How do you assess the current status of my PC? Is there an interim conclusion? Regards, Ninchen

I don't know whether it helps, but I ran a HijackThis scan. Logfile for it: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 04:16:05, on 16.08.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 Boot mode: Normal Running processes: C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Users\Ninchen\Downloads\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [QuickTime 
Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ninchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{001356F1-282B-4474-A508-3CDE2CA5263C}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\..\{21DB8336-6CDB-41BC-ABA8-AD59EEBD68BF}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACF2B2B-E010-4008-89CC-AEB006EEB631}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\..\{CF27DC44-C0C5-47FC-BB45-E8915C78496B}: NameServer = O17 - HKLM\System\CS1\Services\Tcpip\..\{001356F1-282B-4474-A508-3CDE2CA5263C}: NameServer = O17 - HKLM\System\CS2\Services\Tcpip\..\{001356F1-282B-4474-A508-3CDE2CA5263C}: NameServer = O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Planer 
(AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: 
Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13281 bytes |
16.08.2012, 10:25 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Please do not post HijackThis logfiles!!! Quote:
Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
16.08.2012, 23:07 | #23 |
| Trojan Searchnu - http://www.searchnu.com/413?tag=newtab So, the GMER scan was run, but it produced no entry or logfile. A message also appeared saying that nothing was found. Here is OSAM.log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:04:45 on 17.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "SUPERAntiSpyware Scheduled Task 1ddbee62-2b5b-4452-b38a-abcaade39472.job" - "SUPERAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASTask.exe "SUPERAntiSpyware Scheduled Task d9daa13f-20d9-4414-8e1f-10430e1847dd.job" - "SUPERAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASTask.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "HP 3D DriveGuard" - ? - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL (File not found) "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? 
- C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS "SbFw" (SbFw) - "Sunbelt Software, Inc." - C:\Windows\System32\drivers\SbFw.sys "sbhips" (sbhips) - "Sunbelt Software, Inc." - C:\Windows\System32\drivers\sbhips.sys "SBRE" (SBRE) - ? - C:\Windows\system32\drivers\SBREdrv.sys (File not found) "SbTis" (SbTis) - "Sunbelt Software, Inc." - C:\Windows\System32\drivers\sbtis.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? 
- (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll {B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Ninchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "HPADVISOR" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW "LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. 
KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe "HPCam_Menu" - "CyberLink Corp." - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "TrojanScanner" - "Simply Super Software" - C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot "UpdatePRCShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" "WirelessAssistant" - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? 
- "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe "DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Easybits Shared Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezsvc7.dll (File not found) "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." 
- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe "HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe "HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" 
(Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-17 03:52:56
-----------------------------
03:52:56.077 OS Version: Windows x64 6.1.7601 Service Pack 1
03:52:56.077 Number of processors: 2 586 0x602
03:52:56.078 ComputerName: NINCHEN-PC UserName: Ninchen
03:52:56.963 Initialize success
03:53:09.239 AVAST engine defs: 12081600
03:53:37.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:53:37.651 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC70E Size: 305245MB BusType: 11
03:53:37.661 Disk 0 MBR read successfully
03:53:37.671 Disk 0 MBR scan
03:53:37.701 Disk 0 unknown MBR code
03:53:37.711 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
03:53:37.731 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291394 MB offset 409600
03:53:37.791 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13547 MB offset 597184512
03:53:37.841 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
03:53:37.971 Disk 0 scanning C:\Windows\system32\drivers
03:53:57.917 Service scanning
03:54:29.674 Modules scanning
03:54:29.684 Disk 0 trace - called modules:
03:54:30.054 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
03:54:30.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800433f060]
03:54:30.064 3 CLASSPNP.SYS[fffff8800109a43f] -> nt!IofCallDriver -> [0xfffffa800433e040]
03:54:30.064 5 hpdskflt.sys[fffff880021b7289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042bb060]
03:54:30.934 AVAST engine scan C:\Windows
03:54:34.834 AVAST engine scan C:\Windows\system32
04:00:09.762 AVAST engine scan C:\Windows\system32\drivers
04:00:31.378 AVAST engine scan C:\Users\Ninchen
04:17:18.228 AVAST engine scan C:\ProgramData
04:19:13.370 Scan finished successfully
04:25:36.843 Disk 0 MBR has been saved successfully to "C:\Users\Ninchen\Desktop\MBR.dat"
04:25:36.853 The log file has been saved successfully to "C:\Users\Ninchen\Desktop\aswMBR_log.txt" |
17.08.2012, 19:50 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
18.08.2012, 05:19 | #25 |
| Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/18/2012 at 06:17 AM
Application Version : 5.5.1012
Core Rules Database Version : 9082
Trace Rules Database Version: 6894
Scan type : Complete Scan
Total Scan Time : 02:39:21
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 737
Memory threats detected : 0
Registry items scanned : 67558
Registry threats detected : 0
File items scanned : 236781
File threats detected : 233
Adware.Tracking Cookie
C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] adfarm1.adition.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zanox-affiliate.de [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] ad.dyntracker.de [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] 
.a1.interclick.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .tribalfusion.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .burstnet.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .traveladvertising.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .traveladvertising.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ 
C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .a1.interclick.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .a1.interclick.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .a1.interclick.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .a1.interclick.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ 
C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\NINCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX65Q5DW.DEFAULT\COOKIES.SQLITE ] Trojan.Agent/Gen-Yoddos C:\PROGRAM FILES (X86)\WINRAR\DEFAULT.SFX |
18.08.2012, 13:18 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Searchnu trojan - http://www.searchnu.com/413?tag=newtab Code:
ATTFilter UAC On - Limited User
__________________ Please always post log files in CODE tags |
18.08.2012, 18:08 | #27 |
| Searchnu trojan - http://www.searchnu.com/413?tag=newtab I can't say anymore. Normally I start the programs via right-click as admin. I'll repeat it now with AntiSpyware. So is the trojan possibly just a false alarm, perhaps because it was run as "Limited User"?! Here is the log from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.17.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ninchen :: NINCHEN-PC [Administrator]
Schutz: Aktiviert
18.08.2012 17:05:49
mbam-log-2012-08-18 (17-05-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 436289
Laufzeit: 1 Stunde(n), 42 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/18/2012 at 10:05 PM
Application Version : 5.5.1012
Core Rules Database Version : 9083
Trace Rules Database Version: 6895
Scan type : Complete Scan
Total Scan Time : 02:36:00
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 732
Memory threats detected : 0
Registry items scanned : 67558
Registry threats detected : 0
File items scanned : 236930
File threats detected : 235
Adware.Tracking Cookie
Trojan.Agent/Gen-Yoddos
C:\PROGRAM FILES (X86)\WINRAR\DEFAULT.SFX |
20.08.2012, 16:24 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Looks OK, only cookies were found. The WinRAR detection is a false positive.

Cookies are not malware as such, but there is a risk of abuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are good cookie managers; among the Firefox extensions there is, for example, CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system OK again now, or are there other detections or problems?
__________________ Please always post log files in CODE tags |
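An added example, not part of the original thread: a check of which cookie hosts in a Firefox-style cookie store a hosts-file blocklist would actually sink. The hosts entries, the cookie rows and the two-column `moz_cookies` table are constructed for illustration (the real table has more columns); the point is that a hosts file matches exact hostnames only, so a domain cookie such as `.tracker.example` is only partly covered by an entry for `ads.tracker.example`.

```python
import sqlite3

# Constructed hosts-file excerpt in the "0.0.0.0 hostname" blocklist style.
HOSTS_TEXT = """\
# constructed sample, not the real MVPS list
127.0.0.1  localhost
0.0.0.0  ads.tracker.example   # inline comment
0.0.0.0  stats.example.net
"""

# Constructed cookie rows (host, name); a leading dot marks a domain cookie.
COOKIE_ROWS = [
    (".tracker.example", "uid"),
    ("ads.tracker.example", "sess"),
    (".stats.example.net", "v"),
    ("shop.example.org", "cart"),
]

def parse_hosts(text):
    """Return the hostnames that the hosts file maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return blocked

def build_cookie_db(rows):
    """In-memory stand-in for cookies.sqlite (assumed minimal schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, host TEXT, name TEXT)")
    db.executemany("INSERT INTO moz_cookies (host, name) VALUES (?, ?)", rows)
    return db

def classify(db, blocked):
    """Label each cookie host: exact name sinked, only subdomains sinked, or neither."""
    result = {}
    for (host,) in db.execute("SELECT DISTINCT host FROM moz_cookies ORDER BY host"):
        name = host.lstrip(".").lower()
        if name in blocked:
            result[host] = "blocked"
        elif host.startswith(".") and any(b.endswith("." + name) for b in blocked):
            result[host] = "partial"  # some subdomains are sinked, the domain is not
        else:
            result[host] = "unblocked"
    return result

def audit():
    return classify(build_cookie_db(COOKIE_ROWS), parse_hosts(HOSTS_TEXT))

if __name__ == "__main__":
    for host, state in audit().items():
        print(f"{state:10} {host}")
```

Hosts marked `partial` or `unblocked` are the ones where a cookie manager or clear-on-exit setting still has to do the work.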
22.08.2012, 03:59 | #29 |
| Trojan Searchnu - http://www.searchnu.com/413?tag=newtab So it seems to be fine so far! Thaaaaaaaaaaaaaaaaaaaank you very very VEEEEERY much for the quick and thorough help!!!!!!!! I really appreciate that you took the time for it!! I think that's brilliant!!!!!!!!!! Thanks again!!! :-) |
30.08.2012, 12:55 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Searchnu - http://www.searchnu.com/413?tag=newtab Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many tools: please start OTL and click on "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |