Log analysis and evaluation: GVU Trojan, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.09.2012, 12:07 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Do an OTL fix: close any programs that may be open, also deactivate virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
FF - user.js - File not found
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.1.4
[2012/07/20 07:54:16 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\*****\APPDATA\ROAMING\13001.027
[2012/06/30 21:59:57 | 000,578,962 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\3gccsvky.default\extensions\toolbar@web.de.xpi
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1000..\Run: [SkypePM] C:\Users\*****\AppData\Local\Skype\SkypePM.exe File not found
O4 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1000..\Run: [UpgradeChecker] C:\Users\*****\AppData\Roaming\Google Inc.\{D8756C5C-6652-42AB-B739-287A61B733EA}\UpgradeChecker.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C9633DEB
:Files
C:\Program Files\BabylonToolbar\BabylonToolbar
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\*****\AppData\Roaming\*.dll
C:\USERS\*****\APPDATA\ROAMING\13001.*
C:\ProgramData\*.pad
C:\Users\*****\AppData\Roaming\.#
C:\Users\*****\AppData\Roaming\kock
C:\Users\*****\AppData\Roaming\xmldm
C:\Users\*****\AppData\Roaming\uas
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
18.09.2012, 06:22 | #17 |
| GVU Trojan Hello cosinus,
so far everything has worked, the computer has restarted, here is the log file: Code:
All processes killed
========== OTL ==========
Prefs.js: toolbar@web.de:2.1.4 removed from extensions.enabledAddons
C:\USERS\*****\APPDATA\ROAMING\13001.027\components folder moved successfully.
C:\USERS\*****\APPDATA\ROAMING\13001.027 folder moved successfully.
C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\3gccsvky.default\extensions\toolbar@web.de.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1072828290-3828818215-1948454868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1072828290-3828818215-1948454868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UpgradeChecker deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\Temp:C9633DEB deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar\BabylonToolbar not found.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\*****\AppData\Roaming\BAcroIEHelpe.dll moved successfully.
File\Folder C:\USERS\*****\APPDATA\ROAMING\13001.* not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Users\*****\AppData\Roaming\.# folder moved successfully.
C:\Users\*****\AppData\Roaming\kock folder moved successfully.
C:\Users\*****\AppData\Roaming\xmldm folder moved successfully.
C:\Users\*****\AppData\Roaming\UAs folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\*****\Desktop\cmd.bat deleted successfully.
C:\Users\*****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: *****
->Temp folder emptied: 2385729196 bytes
->Temporary Internet Files folder emptied: 529090368 bytes
->FireFox cache emptied: 351428076 bytes
->Flash cache emptied: 5333 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Samsung
->Temp folder emptied: 40253 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 596457330 bytes
RecycleBin emptied: 600064 bytes
Total Files Cleaned = 3,684.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.5 log created on 09182012_070813
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Edited by bauerben (18.09.2012 at 06:53) |
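Added example (not part of the original thread, and not code from OTL or the forum): a Python cross-check of a fix script's :Files entries against the resulting fix log, using a shortened excerpt of the script and log posted above. The function names and the rule that a wildcard stays within one path component are assumptions of this example.

```python
import re

# Shortened excerpt of the fix script and fix log from this thread,
# embedded so the example runs offline.
SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
:Files
C:\Program Files\BabylonToolbar\BabylonToolbar
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\*****\AppData\Roaming\*.dll
C:\USERS\*****\APPDATA\ROAMING\13001.*
C:\ProgramData\*.pad
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar\BabylonToolbar not found.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\*****\AppData\Roaming\BAcroIEHelpe.dll moved successfully.
File\Folder C:\USERS\*****\APPDATA\ROAMING\13001.* not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# Outcome patterns for the log line shapes that appear in the thread's log.
OUTCOMES = [
    ("reboot_pending", re.compile(r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^(?:File\\Folder|Registry key|Registry value) (?P<t>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(r"^(?:Registry key |Registry value |ADS )?(?P<t>.+) deleted successfully\.$")),
]


def parse_fix_log(text):
    """Return (section, outcome, target) for every recognised log line."""
    section, events = None, []
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        for outcome, rx in OUTCOMES:
            m = rx.match(line)
            if m:
                events.append((section, outcome, m.group("t")))
                break
    return events


def files_patterns(script):
    """Path entries of the :Files section (commands such as ipconfig are skipped)."""
    patterns, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and re.match(r"^[A-Za-z]:\\", line):
            patterns.append(line)
    return patterns


def glob_to_regex(pattern):
    """Assumption of this example: '*' and '?' never cross a backslash."""
    parts = []
    for ch in re.sub(r"\*+", "*", pattern):  # '*****' (masked user name) acts as one '*'
        parts.append(r"[^\\]*" if ch == "*" else r"[^\\]" if ch == "?" else re.escape(ch))
    # Accept paths below a matched folder too: the log lists every subfolder it moved.
    return re.compile("".join(parts) + r"(?:\\.*)?$", re.IGNORECASE)


def cross_check(script, log):
    """Map each :Files pattern to the FILES-section log lines it accounts for."""
    events = parse_fix_log(log)
    report = {}
    for pattern in files_patterns(script):
        rx = glob_to_regex(pattern)
        report[pattern] = [(o, t) for s, o, t in events if s == "FILES" and rx.match(t)]
    return report


def follow_up(script, log):
    """Patterns that changed nothing, and file moves still pending at reboot."""
    no_effect = [p for p, hits in cross_check(script, log).items()
                 if not any(o in ("moved", "deleted") for o, _ in hits)]
    pending = sorted({t for _, o, t in parse_fix_log(log) if o == "reboot_pending"})
    return no_effect, pending


if __name__ == "__main__":
    for pattern, hits in cross_check(SCRIPT, LOG).items():
        print(pattern)
        for outcome, target in hits or [("no log line", "")]:
            print("   ", outcome, target)
    print("follow up:", follow_up(SCRIPT, LOG))
```

A "not found" for a :Files pattern is not necessarily a failure: in the log above, the 13001.027 folder had already been moved in the OTL section before the 13001.* entry ran.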
19.09.2012, 11:14 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
19.09.2012, 18:59 | #19 |
| GVU Trojan Here is the TDSS-Killer log file Code:
F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:49:15.0256 3992 i8042prt - ok 19:49:15.0295 3992 [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:49:15.0309 3992 iaStor - ok 19:49:15.0354 3992 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:49:15.0374 3992 iaStorV - ok 19:49:15.0444 3992 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:49:15.0506 3992 idsvc - ok 19:49:15.0676 3992 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 19:49:15.0850 3992 igfx - ok 19:49:15.0882 3992 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:49:15.0895 3992 iirsp - ok 19:49:15.0945 3992 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 19:49:16.0019 3992 IKEEXT - ok 19:49:16.0123 3992 [ 3202E26501E5E18C35DC2CC74709A704 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:49:16.0188 3992 IntcAzAudAddService - ok 19:49:16.0209 3992 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 19:49:16.0223 3992 intelide - ok 19:49:16.0278 3992 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:49:16.0291 3992 intelppm - ok 19:49:16.0332 3992 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:49:16.0371 3992 IPBusEnum - ok 19:49:16.0392 3992 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:49:16.0428 3992 IpFilterDriver - ok 19:49:16.0471 3992 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:49:16.0506 3992 iphlpsvc - ok 19:49:16.0537 3992 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:49:16.0552 3992 IPMIDRV - ok 19:49:16.0568 3992 [ A5FA468D67ABCDAA36264E463A7BB0CD ] 
IPNAT C:\Windows\system32\drivers\ipnat.sys 19:49:16.0604 3992 IPNAT - ok 19:49:16.0671 3992 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:49:16.0699 3992 iPod Service - ok 19:49:16.0728 3992 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:49:16.0754 3992 IRENUM - ok 19:49:16.0788 3992 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:49:16.0800 3992 isapnp - ok 19:49:16.0860 3992 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:49:16.0883 3992 iScsiPrt - ok 19:49:16.0920 3992 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 19:49:16.0937 3992 kbdclass - ok 19:49:16.0977 3992 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 19:49:17.0030 3992 kbdhid - ok 19:49:17.0043 3992 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 19:49:17.0059 3992 KeyIso - ok 19:49:17.0084 3992 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:49:17.0097 3992 KSecDD - ok 19:49:17.0127 3992 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:49:17.0141 3992 KSecPkg - ok 19:49:17.0182 3992 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 19:49:17.0226 3992 KtmRm - ok 19:49:17.0268 3992 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 19:49:17.0314 3992 LanmanServer - ok 19:49:17.0345 3992 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:49:17.0382 3992 LanmanWorkstation - ok 19:49:17.0422 3992 [ 4DD47B5AF0B24871EBB9EFC012A7474E ] LgBttPort C:\Windows\system32\DRIVERS\lgbtport.sys 19:49:17.0454 3992 LgBttPort - ok 19:49:17.0496 3992 [ 1D038CA6C529203087A990E5E97887B4 ] lgbusenum C:\Windows\system32\DRIVERS\lgbtbus.sys 19:49:17.0509 3992 lgbusenum - ok 19:49:17.0536 3992 
[ 26F1976A330195D62A6224C76968CF0D ] LGVMODEM C:\Windows\system32\DRIVERS\lgvmodem.sys 19:49:17.0554 3992 LGVMODEM - ok 19:49:17.0591 3992 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:49:17.0635 3992 lltdio - ok 19:49:17.0665 3992 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:49:17.0724 3992 lltdsvc - ok 19:49:17.0741 3992 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 19:49:17.0780 3992 lmhosts - ok 19:49:17.0804 3992 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:49:17.0818 3992 LSI_FC - ok 19:49:17.0829 3992 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:49:17.0844 3992 LSI_SAS - ok 19:49:17.0857 3992 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:49:17.0871 3992 LSI_SAS2 - ok 19:49:17.0887 3992 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:49:17.0901 3992 LSI_SCSI - ok 19:49:17.0932 3992 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 19:49:17.0979 3992 luafv - ok 19:49:18.0034 3992 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:49:18.0045 3992 MBAMProtector - ok 19:49:18.0132 3992 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:49:18.0160 3992 MBAMScheduler - ok 19:49:18.0226 3992 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:49:18.0291 3992 MBAMService - ok 19:49:18.0347 3992 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:49:18.0364 3992 Mcx2Svc - ok 19:49:18.0422 3992 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:49:18.0444 3992 megasas - ok 19:49:18.0482 3992 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR 
C:\Windows\system32\DRIVERS\MegaSR.sys 19:49:18.0511 3992 MegaSR - ok 19:49:18.0580 3992 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 19:49:18.0606 3992 Microsoft Office Groove Audit Service - ok 19:49:18.0649 3992 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 19:49:18.0711 3992 MMCSS - ok 19:49:18.0786 3992 [ D8E559F4CDDBF7BB5A10C373843D8D25 ] Mobiola Wave Service C:\Program Files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe 19:49:18.0801 3992 Mobiola Wave Service - ok 19:49:18.0832 3992 [ 9CC6C97D0C37C646AC7973C38B13DAB9 ] mobiolavs C:\Windows\system32\DRIVERS\mobiolavs.sys 19:49:18.0845 3992 mobiolavs - ok 19:49:18.0871 3992 [ CDD79F08AA876B5F296950AA37972596 ] MOBIOLA_Wave C:\Windows\system32\drivers\mobiolawave.sys 19:49:18.0882 3992 MOBIOLA_Wave - ok 19:49:18.0924 3992 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 19:49:18.0969 3992 Modem - ok 19:49:18.0995 3992 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:49:19.0026 3992 monitor - ok 19:49:19.0049 3992 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 19:49:19.0061 3992 mouclass - ok 19:49:19.0094 3992 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:49:19.0126 3992 mouhid - ok 19:49:19.0159 3992 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:49:19.0172 3992 mountmgr - ok 19:49:19.0243 3992 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 19:49:19.0266 3992 MozillaMaintenance - ok 19:49:19.0283 3992 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 19:49:19.0298 3992 mpio - ok 19:49:19.0311 3992 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv 
C:\Windows\system32\drivers\mpsdrv.sys 19:49:19.0354 3992 mpsdrv - ok 19:49:19.0431 3992 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:49:19.0534 3992 MpsSvc - ok 19:49:19.0573 3992 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:49:19.0631 3992 MRxDAV - ok 19:49:19.0670 3992 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:49:19.0715 3992 mrxsmb - ok 19:49:19.0756 3992 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:49:19.0803 3992 mrxsmb10 - ok 19:49:19.0826 3992 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:49:19.0888 3992 mrxsmb20 - ok 19:49:19.0917 3992 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 19:49:19.0929 3992 msahci - ok 19:49:19.0959 3992 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:49:19.0974 3992 msdsm - ok 19:49:19.0994 3992 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 19:49:20.0027 3992 MSDTC - ok 19:49:20.0060 3992 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:49:20.0097 3992 Msfs - ok 19:49:20.0108 3992 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:49:20.0149 3992 mshidkmdf - ok 19:49:20.0178 3992 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:49:20.0190 3992 msisadrv - ok 19:49:20.0231 3992 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:49:20.0265 3992 MSiSCSI - ok 19:49:20.0270 3992 msiserver - ok 19:49:20.0291 3992 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:49:20.0329 3992 MSKSSRV - ok 19:49:20.0345 3992 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:49:20.0390 3992 MSPCLOCK - ok 19:49:20.0409 3992 [ 
F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:49:20.0449 3992 MSPQM - ok 19:49:20.0463 3992 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:49:20.0478 3992 MsRPC - ok 19:49:20.0507 3992 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:49:20.0519 3992 mssmbios - ok 19:49:20.0535 3992 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:49:20.0562 3992 MSTEE - ok 19:49:20.0579 3992 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:49:20.0610 3992 MTConfig - ok 19:49:20.0622 3992 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 19:49:20.0635 3992 Mup - ok 19:49:20.0718 3992 [ 07B2740CF3294B98380B9E1BF8AB05B8 ] NanoServiceMain C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe 19:49:20.0737 3992 NanoServiceMain - ok 19:49:20.0790 3992 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 19:49:20.0835 3992 napagent - ok 19:49:20.0865 3992 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:49:20.0886 3992 NativeWifiP - ok 19:49:20.0930 3992 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:49:20.0963 3992 NDIS - ok 19:49:20.0985 3992 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:49:21.0023 3992 NdisCap - ok 19:49:21.0044 3992 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:49:21.0082 3992 NdisTapi - ok 19:49:21.0114 3992 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:49:21.0146 3992 Ndisuio - ok 19:49:21.0190 3992 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:49:21.0247 3992 NdisWan - ok 19:49:21.0289 3992 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy 
C:\Windows\system32\drivers\NDProxy.sys 19:49:21.0320 3992 NDProxy - ok 19:49:21.0351 3992 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:49:21.0387 3992 NetBIOS - ok 19:49:21.0425 3992 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:49:21.0477 3992 NetBT - ok 19:49:21.0491 3992 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 19:49:21.0505 3992 Netlogon - ok 19:49:21.0536 3992 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 19:49:21.0583 3992 Netman - ok 19:49:21.0625 3992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:49:21.0639 3992 NetMsmqActivator - ok 19:49:21.0659 3992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:49:21.0670 3992 NetPipeActivator - ok 19:49:21.0679 3992 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 19:49:21.0748 3992 netprofm - ok 19:49:21.0754 3992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:49:21.0765 3992 NetTcpActivator - ok 19:49:21.0772 3992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:49:21.0785 3992 NetTcpPortSharing - ok 19:49:21.0819 3992 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:49:21.0832 3992 nfrd960 - ok 19:49:21.0861 3992 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:49:21.0898 3992 NlaSvc - ok 19:49:21.0935 3992 [ CFEE15A88280D369672DA0E378BBC702 ] NNSALPC C:\Windows\system32\DRIVERS\NNSAlpc.sys 19:49:21.0944 3992 NNSALPC - ok 19:49:21.0991 3992 [ 2708799ADC223C4412341F0C68D032E3 ] NNSHTTP C:\Windows\system32\DRIVERS\NNSHttp.sys 19:49:22.0002 3992 NNSHTTP - ok 19:49:22.0019 3992 [ 
533F19056B98D9CCE466B64186905BC1 ] NNSIDS C:\Windows\system32\DRIVERS\NNSIds.sys 19:49:22.0030 3992 NNSIDS - ok 19:49:22.0064 3992 [ BF5295EC6F9E4737F891F58FEA879B31 ] NNSNAHSL C:\Windows\system32\DRIVERS\NNSNAHSL.sys 19:49:22.0073 3992 NNSNAHSL - ok 19:49:22.0103 3992 [ 1F054C5CA627FCD3983538D74574016B ] NNSPICC C:\Windows\system32\DRIVERS\NNSPicc.sys 19:49:22.0112 3992 NNSPICC - ok 19:49:22.0157 3992 [ A15B00ECD15DACFB9DD33F0CE26EE60D ] NNSPIHSW C:\Windows\system32\DRIVERS\NNSPihsw.sys 19:49:22.0167 3992 NNSPIHSW - ok 19:49:22.0183 3992 [ 5F8C023775B8F4A0A8FFC93DD0A27285 ] NNSPOP3 C:\Windows\system32\DRIVERS\NNSPop3.sys 19:49:22.0194 3992 NNSPOP3 - ok 19:49:22.0228 3992 [ CA541CE4A1FC034EEC8CFD6C155B9D30 ] NNSPROT C:\Windows\system32\DRIVERS\NNSProt.sys 19:49:22.0267 3992 NNSPROT - ok 19:49:22.0305 3992 [ 938E8CCC7AC5922F2E3DBDF3E7A3035C ] NNSPRV C:\Windows\system32\DRIVERS\NNSPrv.sys 19:49:22.0315 3992 NNSPRV - ok 19:49:22.0361 3992 [ 2458E950F0A0DD9AD08385209B5E1702 ] NNSSMTP C:\Windows\system32\DRIVERS\NNSSmtp.sys 19:49:22.0378 3992 NNSSMTP - ok 19:49:22.0407 3992 [ 75D990651236A570C4C80ED56BFB4009 ] NNSSTRM C:\Windows\system32\DRIVERS\NNSStrm.sys 19:49:22.0418 3992 NNSSTRM - ok 19:49:22.0447 3992 [ 9D526B79E7D438056ED7D382AB94019A ] NNSTLSC C:\Windows\system32\DRIVERS\NNSTlsc.sys 19:49:22.0457 3992 NNSTLSC - ok 19:49:22.0473 3992 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:49:22.0517 3992 Npfs - ok 19:49:22.0544 3992 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 19:49:22.0583 3992 nsi - ok 19:49:22.0604 3992 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:49:22.0636 3992 nsiproxy - ok 19:49:22.0708 3992 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:49:22.0783 3992 Ntfs - ok 19:49:22.0807 3992 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 19:49:22.0835 3992 Null - ok 19:49:22.0879 3992 [ 
D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 19:49:22.0889 3992 NVHDA - ok 19:49:23.0162 3992 [ 104C0FE08DD64965CF788D91CCBB2CC6 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:49:23.0318 3992 nvlddmkm - ok 19:49:23.0393 3992 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:49:23.0417 3992 nvraid - ok 19:49:23.0438 3992 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:49:23.0455 3992 nvstor - ok 19:49:23.0510 3992 [ 63A9CACE87C31A46BDF4AD448D9A033A ] nvsvc C:\windows\system32\nvvsvc.exe 19:49:23.0524 3992 nvsvc - ok 19:49:23.0550 3992 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:49:23.0565 3992 nv_agp - ok 19:49:23.0648 3992 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:49:23.0679 3992 odserv - ok 19:49:23.0709 3992 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:49:23.0737 3992 ohci1394 - ok 19:49:23.0774 3992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:49:23.0788 3992 ose - ok 19:49:23.0834 3992 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:49:23.0888 3992 p2pimsvc - ok 19:49:23.0950 3992 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 19:49:23.0982 3992 p2psvc - ok 19:49:24.0012 3992 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:49:24.0036 3992 Parport - ok 19:49:24.0060 3992 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:49:24.0072 3992 partmgr - ok 19:49:24.0095 3992 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 19:49:24.0120 3992 Parvdm - ok 19:49:24.0146 3992 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:49:24.0165 
3992 PcaSvc - ok 19:49:24.0187 3992 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 19:49:24.0202 3992 pci - ok 19:49:24.0254 3992 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 19:49:24.0275 3992 pciide - ok 19:49:24.0302 3992 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:49:24.0318 3992 pcmcia - ok 19:49:24.0333 3992 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 19:49:24.0345 3992 pcw - ok 19:49:24.0380 3992 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:49:24.0446 3992 PEAUTH - ok 19:49:24.0516 3992 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 19:49:24.0620 3992 pla - ok 19:49:24.0671 3992 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:49:24.0744 3992 PlugPlay - ok 19:49:24.0778 3992 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:49:24.0807 3992 PNRPAutoReg - ok 19:49:24.0834 3992 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:49:24.0852 3992 PNRPsvc - ok 19:49:24.0881 3992 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:49:24.0945 3992 PolicyAgent - ok 19:49:24.0974 3992 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 19:49:25.0016 3992 Power - ok 19:49:25.0059 3992 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:49:25.0138 3992 PptpMiniport - ok 19:49:25.0154 3992 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:49:25.0169 3992 Processor - ok 19:49:25.0204 3992 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 19:49:25.0254 3992 ProfSvc - ok 19:49:25.0271 3992 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:49:25.0285 3992 ProtectedStorage - ok 
19:49:25.0355 3992 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\windows\system32\PSIService.exe 19:49:25.0366 3992 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning 19:49:25.0367 3992 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1) 19:49:25.0403 3992 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:49:25.0447 3992 Psched - ok 19:49:25.0500 3992 [ 389D8CC1F8D7C5EC736BDED9D1A98C4C ] PSINAflt C:\Windows\system32\DRIVERS\PSINAflt.sys 19:49:25.0522 3992 PSINAflt - ok 19:49:25.0584 3992 [ 04E2992C67AB310409531BE99E66DD1F ] PSINFile C:\Windows\system32\DRIVERS\PSINFile.sys 19:49:25.0600 3992 PSINFile - ok 19:49:25.0651 3992 [ 5292037B8839D9DE8ACE23EBA1268A34 ] PSINKNC C:\Windows\system32\DRIVERS\psinknc.sys 19:49:25.0670 3992 PSINKNC - ok 19:49:25.0712 3992 [ B10D97FF830F677A1295F3B9E5E6F8FB ] PSINProc C:\Windows\system32\DRIVERS\PSINProc.sys 19:49:25.0729 3992 PSINProc - ok 19:49:25.0764 3992 [ 49DD888C415611DA5654CE895B9F37D9 ] PSINProt C:\Windows\system32\DRIVERS\PSINProt.sys 19:49:25.0781 3992 PSINProt - ok 19:49:25.0834 3992 [ 476769481841007583875023F7ECC4CA ] PSKMAD C:\Windows\system32\DRIVERS\PSKMAD.sys 19:49:25.0851 3992 PSKMAD - ok 19:49:25.0897 3992 [ 98A9D3236C6301503571DE79B86E8538 ] PSUAService C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe 19:49:25.0912 3992 PSUAService - ok 19:49:25.0963 3992 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:49:26.0035 3992 ql2300 - ok 19:49:26.0072 3992 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:49:26.0087 3992 ql40xx - ok 19:49:26.0120 3992 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 19:49:26.0153 3992 QWAVE - ok 19:49:26.0174 3992 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:49:26.0198 3992 QWAVEdrv - ok 19:49:26.0214 3992 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd 
C:\Windows\system32\DRIVERS\rasacd.sys 19:49:26.0255 3992 RasAcd - ok 19:49:26.0296 3992 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:49:26.0335 3992 RasAgileVpn - ok 19:49:26.0349 3992 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 19:49:26.0380 3992 RasAuto - ok 19:49:26.0402 3992 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:49:26.0438 3992 Rasl2tp - ok 19:49:26.0487 3992 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 19:49:26.0520 3992 RasMan - ok 19:49:26.0525 3992 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:49:26.0562 3992 RasPppoe - ok 19:49:26.0569 3992 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:49:26.0601 3992 RasSstp - ok 19:49:26.0632 3992 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:49:26.0662 3992 rdbss - ok 19:49:26.0674 3992 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:49:26.0690 3992 rdpbus - ok 19:49:26.0719 3992 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:49:26.0760 3992 RDPCDD - ok 19:49:26.0791 3992 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:49:26.0828 3992 RDPENCDD - ok 19:49:26.0850 3992 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:49:26.0876 3992 RDPREFMP - ok 19:49:26.0909 3992 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:49:26.0963 3992 RDPWD - ok 19:49:27.0024 3992 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:49:27.0051 3992 rdyboost - ok 19:49:27.0078 3992 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 19:49:27.0139 3992 RemoteAccess - ok 19:49:27.0169 3992 [ 
CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:49:27.0239 3992 RemoteRegistry - ok 19:49:27.0276 3992 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:49:27.0313 3992 RFCOMM - ok 19:49:27.0388 3992 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 19:49:27.0409 3992 RichVideo - ok 19:49:27.0443 3992 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:49:27.0510 3992 RpcEptMapper - ok 19:49:27.0539 3992 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 19:49:27.0562 3992 RpcLocator - ok 19:49:27.0586 3992 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 19:49:27.0617 3992 RpcSs - ok 19:49:27.0650 3992 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:49:27.0692 3992 rspndr - ok 19:49:27.0716 3992 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 19:49:27.0742 3992 RTL8167 - ok 19:49:27.0773 3992 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\windows\system32\Drivers\SABI.sys 19:49:27.0808 3992 SABI - ok 19:49:27.0829 3992 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 19:49:27.0843 3992 SamSs - ok 19:49:27.0905 3992 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:49:27.0927 3992 sbp2port - ok 19:49:27.0959 3992 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:49:28.0045 3992 SCardSvr - ok 19:49:28.0068 3992 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:49:28.0095 3992 scfilter - ok 19:49:28.0137 3992 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 19:49:28.0195 3992 Schedule - ok 19:49:28.0239 3992 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:49:28.0278 3992 SCPolicySvc - ok 
19:49:28.0354 3992 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:49:28.0422 3992 SDRSVC - ok 19:49:28.0459 3992 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:49:28.0514 3992 secdrv - ok 19:49:28.0540 3992 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 19:49:28.0582 3992 seclogon - ok 19:49:28.0605 3992 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 19:49:28.0635 3992 SENS - ok 19:49:28.0655 3992 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:49:28.0706 3992 SensrSvc - ok 19:49:28.0749 3992 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:49:28.0798 3992 Serenum - ok 19:49:28.0827 3992 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:49:28.0847 3992 Serial - ok 19:49:28.0877 3992 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:49:28.0930 3992 sermouse - ok 19:49:28.0973 3992 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 19:49:29.0012 3992 SessionEnv - ok 19:49:29.0046 3992 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:49:29.0071 3992 sffdisk - ok 19:49:29.0085 3992 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:49:29.0116 3992 sffp_mmc - ok 19:49:29.0131 3992 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:49:29.0147 3992 sffp_sd - ok 19:49:29.0172 3992 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:49:29.0224 3992 sfloppy - ok 19:49:29.0257 3992 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:49:29.0324 3992 SharedAccess - ok 19:49:29.0362 3992 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:49:29.0410 3992 
19:49:38.0631 3992 [Global] - ok 19:49:38.0631 3992 ================ Scan MBR ================================== 19:49:38.0651 3992 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 19:49:39.0206 3992 \Device\Harddisk0\DR0 - ok 19:49:39.0207 3992 ================ Scan VBR ================================== 19:49:39.0233 3992 [ 5B054C4344DC2412D436BFFEAFB900F7 ] \Device\Harddisk0\DR0\Partition1 19:49:39.0235 3992 \Device\Harddisk0\DR0\Partition1 - ok 19:49:39.0283 3992 [ 3060A4E068AAC1BDA84DA9694EE083A9 ] \Device\Harddisk0\DR0\Partition2 19:49:39.0284 3992 \Device\Harddisk0\DR0\Partition2 - ok 19:49:39.0285 3992 ============================================================ 19:49:39.0285 3992 Scan finished 19:49:39.0285 3992 ============================================================ 19:49:39.0305 2436 Detected object count: 1 19:49:39.0305 2436 Actual detected object count: 1 19:50:52.0022 2436 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:52.0022 2436 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.09.2012, 10:47 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
20.09.2012, 11:35 | #21 |
| GVU Trojan I think everything has worked so far. Here is the ComboFix log file: Combofix Logfile: Code:
ATTFilter ComboFix 12-09-18.07 - ***** 20.09.2012 12:18:51.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.2095 [GMT 2:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\F7697B9EB9.sys c:\programdata\FullRemove.exe c:\users\*****\4.0 c:\users\*****\AppData\Local\assembly\tmp c:\users\*****\AppData\Roaming\AcroIEHelpe.txt c:\users\*****\AppData\Roaming\srvblck5.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-20 bis 2012-09-20 )))))))))))))))))))))))))))))) . . 2012-09-20 10:10 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-09-19 17:47 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF8C5B-6199-4DCF-8207-68A58D283233}\mpengine.dll 2012-09-18 05:08 . 2012-09-18 05:08 -------- d-----w- C:\_OTL 2012-09-17 05:07 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-17 05:07 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-17 05:07 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-17 05:07 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-17 05:07 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-17 05:07 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 17:45 . 2012-09-12 17:45 -------- d-----w- c:\program files\ESET 2012-09-12 05:16 . 
2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-12 05:16 . 2012-09-12 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-11 10:10 . 2012-09-11 10:10 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes 2012-09-11 10:09 . 2012-09-11 10:09 -------- d-----w- c:\programdata\Malwarebytes 2012-08-26 11:02 . 2012-08-26 11:02 38872 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E845F510-519B-E3C2-F7BD-7A2DC73D8A4C}-reader_sl.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-18 17:21 . 2012-04-23 09:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-18 17:21 . 2011-08-09 07:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-18 17:16 . 2009-12-05 00:01 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-07-18 17:47 . 2012-08-16 08:35 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-13 05:02 . 2012-07-13 05:02 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys 2012-07-13 05:02 . 2012-07-13 05:02 120872 ----a-w- c:\windows\system32\drivers\PSINProt.sys 2012-07-13 05:02 . 2012-07-13 05:02 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys 2012-07-13 05:02 . 2012-07-13 05:02 148520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys 2012-07-13 05:02 . 2012-07-13 05:02 103464 ----a-w- c:\windows\system32\drivers\PSINFile.sys 2012-07-12 09:18 . 2012-07-12 09:18 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2012-07-06 19:23 . 2012-08-16 09:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-07-04 21:14 . 2012-08-16 08:35 41984 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:14 . 2012-08-16 08:35 102912 ----a-w- c:\windows\system32\browser.dll 2012-06-29 00:16 . 2012-08-16 09:15 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09 . 2012-08-16 09:15 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08 . 
2012-08-16 09:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04 . 2012-08-16 09:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00 . 2012-08-16 09:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-27 13:51 . 2012-06-27 13:51 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys 2012-06-27 13:51 . 2012-06-27 13:51 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys 2012-06-27 13:51 . 2012-06-27 13:51 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys 2012-06-27 13:51 . 2012-06-27 13:51 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys 2012-06-27 13:51 . 2012-06-27 13:51 60968 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys 2012-06-27 13:51 . 2012-06-27 13:51 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys 2012-06-27 13:51 . 2012-06-27 13:51 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys 2012-06-27 13:51 . 2012-06-27 13:51 28712 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys 2012-06-27 13:51 . 2012-06-27 13:51 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys 2012-06-27 13:51 . 2012-06-27 13:51 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys 2012-06-27 13:51 . 2012-06-27 13:51 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys 2012-07-21 18:49 . 2011-06-23 05:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-09-15 2440552] "AVMUSBFernanschluss"="c:\users\*****\AppData\Local\Apps\2.0\98ENMTGN.3N9\7OJM292J.ME8\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-11-06 147456] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472] "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] 
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-09-27 391096] "LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-18 296096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x] R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x] S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x] S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [x] S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [x] S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - PSKMAD . Inhalt des "geplante Tasks" Ordners . 
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 17:21] . 2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 06:45] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 06:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206 IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208 IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210 IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205 IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3gccsvky.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL SafeBoot-MCODS AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe AddRemove-Topo Oesterreich_is1 - c:\garmin\FAMILY_706\unins000.exe AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF} . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-20 12:29:28 ComboFix-quarantined-files.txt 2012-09-20 10:29 . Vor Suchlauf: 12 Verzeichnis(se), 15.790.051.328 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 15.545.339.904 Bytes frei . - - End Of File - - B441507911EC7AFED54E7C4207A8F956 |
20.09.2012, 15:44 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
21.09.2012, 08:13 | #23 |
| GVU Trojan Hello cosinus, here are the next log files: GMER GMER Logfile: Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-21 07:25:29
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: bqyu6bx0.exe; Driver: C:\Users\*****\AppData\Local\Temp\uxliifog.sys

---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8347A989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8349A4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----
Thread System [4:4320] 9F307F2E

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd508ac0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd508ac0@64995da57d70 0x43 0x3A 0x82 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 6609
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd508ac0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd508ac0@64995da57d70 0x43 0x3A 0x82 0xD0 ...

---- EOF - GMER 1.0.15 ----
osam OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 07:31:43 on 21.09.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\Users\*****\AppData\Local\Temp\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NNSAlpc" (NNSALPC) - "Panda Security, S.L." 
- C:\Windows\System32\DRIVERS\NNSAlpc.sys "NNSHttp" (NNSHTTP) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSHttp.sys "NNSids" (NNSIDS) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSIds.sys "NNSPicc" (NNSPICC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSPicc.sys "NNSPop3" (NNSPOP3) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSPop3.sys "NNSProt" (NNSPROT) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSProt.sys "NNSPrv" (NNSPRV) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSPrv.sys "NNSSmtp" (NNSSMTP) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSSmtp.sys "NNSStrm" (NNSSTRM) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSStrm.sys "NNSTlsc" (NNSTLSC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\NNSTlsc.sys "PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINAflt.sys "PSINFile" (PSINFile) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINFile.sys "PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\psinknc.sys "PSINProc" (PSINProc) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProc.sys "PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys "PSKMAD" (PSKMAD) - "Panda Security" - C:\Windows\System32\DRIVERS\PSKMAD.sys "uxliifog" (uxliifog) - ? - C:\Users\*****\AppData\Local\Temp\uxliifog.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? 
- C:\windows\system32\wuaucpl.cpl (File not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" 
- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {C080DC3F-9095-4E4B-95E6-D67D077130E8} "IconsHandlerNano Class" - ? - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL (File not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? 
- (File not found | COM-object registry key not found) {80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD} "SimpleShlExt extension" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\wrc32.ocx / hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {21A88CB9-84D2-4020-A2D1-B25A21034884} "HistoryTriggerBHO Class" - "LG Electronics" - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\*****\AppData\Local\Apps\2.0\98ENMTGN.3N9\7OJM292J.ME8\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" "LG LinkAir" - ? 
- C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "B2C_AGENT" - "LG Electronics" - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup "PDVD8LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" "PSUAMain" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "RemoteControl8" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "c:\program files\real\realplayer\Update\realsched.exe" -osboot "UCam_Menu" - "CyberLink Corp." 
- "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" "UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" "UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" "UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Mobiola Wave Service" (Mobiola Wave Service) - ? 
- C:\Program Files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe (File found, but it contains no detailed information) "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe "Panda Product Service" (PSUAService) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\windows\system32\PSIService.exe "TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
and aswMBR Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 07:34:16
-----------------------------
07:34:16.587 OS Version: Windows 6.1.7601 Service Pack 1
07:34:16.587 Number of processors: 2 586 0x170A
07:34:16.590 ComputerName: *****-PC UserName: *****
07:34:18.065 Initialize success
07:35:29.928 AVAST engine defs: 12092001
07:36:11.064 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:36:11.068 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
07:36:11.219 Disk 0 MBR read successfully
07:36:11.224 Disk 0 MBR scan
07:36:11.233 Disk 0 unknown MBR code
07:36:11.311 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
07:36:11.378 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 84036 MB offset 31664128
07:36:11.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205746 MB offset 203769856
07:36:11.523 Disk 0 scanning sectors +625137664
07:36:11.884 Disk 0 scanning C:\Windows\system32\drivers
07:37:56.676 Service scanning
07:38:21.744 Modules scanning
07:40:40.426 Disk 0 trace - called modules:
07:40:40.815 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
07:40:40.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871a3170]
07:40:40.834 3 CLASSPNP.SYS[8c68059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86360028]
07:40:41.579 AVAST engine scan C:\Windows
07:41:26.785 AVAST engine scan C:\Windows\system32
07:56:13.437 AVAST engine scan C:\Windows\system32\drivers
07:58:02.133 AVAST engine scan C:\Users\*****
08:44:31.069 AVAST engine scan C:\ProgramData
09:00:05.001 Scan finished successfully
09:06:28.727 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
09:06:28.735 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt" |
21.09.2012, 18:58 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan We should fix the MBR; just in case, back up ALL important data first, even though everything usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After the backup, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
22.09.2012, 18:30 | #25 |
| GVU Trojan Right, that should be done as well (hopefully!): Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-22 19:25:45
-----------------------------
19:25:45.202 OS Version: Windows 6.1.7601 Service Pack 1
19:25:45.202 Number of processors: 2 586 0x170A
19:25:45.206 ComputerName: *****-PC UserName: *****
19:25:46.086 Initialize success
19:25:53.177 AVAST engine defs: 12092200
19:27:27.717 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR1.txt" |
22.09.2012, 20:49 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan That was not a new log - please do it the same way as the first time with aswMBR
__________________ Please always post log files in CODE tags |
23.09.2012, 09:34 | #27 |
| GVU Trojan sorry, but now: Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-23 09:55:35
-----------------------------
09:55:35.389 OS Version: Windows 6.1.7601 Service Pack 1
09:55:35.390 Number of processors: 2 586 0x170A
09:55:35.391 ComputerName: *****-PC UserName: *****
09:55:36.376 Initialize success
09:55:47.254 AVAST engine defs: 12092200
09:55:59.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:55:59.226 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
09:55:59.265 Disk 0 MBR read successfully
09:55:59.270 Disk 0 MBR scan
09:55:59.279 Disk 0 Windows 7 default MBR code
09:55:59.335 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
09:55:59.381 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 84036 MB offset 31664128
09:55:59.496 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205746 MB offset 203769856
09:55:59.699 Disk 0 scanning sectors +625137664
09:56:00.273 Disk 0 scanning C:\Windows\system32\drivers
09:56:30.487 Service scanning
09:57:08.162 Modules scanning
09:57:26.148 Disk 0 trace - called modules:
09:57:26.191 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
09:57:26.200 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871aa030]
09:57:26.211 3 CLASSPNP.SYS[8c67259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86365028]
09:57:27.095 AVAST engine scan C:\Windows
09:57:31.350 AVAST engine scan C:\Windows\system32
10:01:36.284 AVAST engine scan C:\Windows\system32\drivers
10:02:03.096 AVAST engine scan C:\Users\*****
10:21:06.562 AVAST engine scan C:\ProgramData
10:22:54.494 Scan finished successfully
10:32:24.400 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
10:32:24.409 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR2.txt" |
23.09.2012, 16:59 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
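The before/after comparison made in posts #23 to #28 can be scripted. The following is an added example, not part of the thread and not code from AVAST: it parses aswMBR logs (including ones flattened onto a single line), flags a rerun that contains no disk scan, and checks that the MBR verdict changed while the partition entries stayed the same. The function names and status strings are hypothetical, the sample logs are abridged from the ones posted above, and only the two verdict strings seen in this thread are classified.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Every aswMBR entry starts with HH:MM:SS.mmm. Splitting on that stamp also
# recovers the entries from a log whose line breaks were lost when pasted.
ENTRY_RE = re.compile(r"(?<!\S)(\d{2}:\d{2}:\d{2}\.\d{3})\s+")
RUN_DATE_RE = re.compile(r"Run date:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
VERDICT_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
PARTITION_RE = re.compile(r"^Disk (\d+) Partition (\d+) (.+)$")


@dataclass
class AswMbrReport:
    run_date: str | None = None
    verdicts: dict[int, str] = field(default_factory=dict)        # disk -> verdict
    partitions: list[tuple[int, int, str]] = field(default_factory=list)
    finished: bool = False
    entries: list[tuple[str, str]] = field(default_factory=list)  # (time, message)


def parse_aswmbr(text: str) -> AswMbrReport:
    report = AswMbrReport()
    if (m := RUN_DATE_RE.search(text)):
        report.run_date = m.group(1)
    parts = ENTRY_RE.split(text)  # [header, ts1, msg1, ts2, msg2, ...]
    for stamp, msg in zip(parts[1::2], parts[2::2]):
        msg = " ".join(msg.split())  # normalise whitespace and newlines
        report.entries.append((stamp, msg))
        if (v := VERDICT_RE.match(msg)):
            report.verdicts[int(v.group(1))] = v.group(2)
        elif (p := PARTITION_RE.match(msg)):
            report.partitions.append((int(p.group(1)), int(p.group(2)), p.group(3)))
        elif msg == "Scan finished successfully":
            report.finished = True
    return report


def classify(verdict: str) -> str:
    # Assumption: only the two verdict strings that occur in this thread.
    if verdict == "unknown MBR code":
        return "unknown"  # boot code not recognised by aswMBR: needs review
    if verdict.endswith("default MBR code"):
        return "default"
    return "other"


def assess_fix(before: AswMbrReport, after: AswMbrReport, disk: int = 0) -> str:
    if disk not in after.verdicts:
        return "no-new-scan"  # rerun stopped before the disk scan (post #25)
    old = [p for p in before.partitions if p[0] == disk]
    new = [p for p in after.partitions if p[0] == disk]
    if old != new:
        return "partition-table-changed"  # an MBR code fix should not cause this
    now = classify(after.verdicts[disk])
    if now != "default":
        return "still-" + now
    was = classify(before.verdicts.get(disk, ""))
    return "already-default" if was == "default" else "fixed"


# Sample input abridged from the three aswMBR logs in this thread, kept flattened.
HEAD = "aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: "
LOG_BEFORE = HEAD + (
    "2012-09-21 07:34:16 ----------------------------- "
    "07:34:18.065 Initialize success 07:36:11.224 Disk 0 MBR scan "
    "07:36:11.233 Disk 0 unknown MBR code "
    "07:36:11.311 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 "
    "07:36:11.378 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 84036 MB offset 31664128 "
    "07:36:11.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205746 MB offset 203769856 "
    "09:00:05.001 Scan finished successfully"
)
LOG_RERUN = HEAD + (
    "2012-09-22 19:25:45 ----------------------------- "
    "19:25:46.086 Initialize success 19:25:53.177 AVAST engine defs: 12092200 "
    "19:27:27.717 The log file has been saved successfully"
)
LOG_AFTER = HEAD + (
    "2012-09-23 09:55:35 ----------------------------- "
    "09:55:36.376 Initialize success 09:55:59.270 Disk 0 MBR scan "
    "09:55:59.279 Disk 0 Windows 7 default MBR code "
    "09:55:59.335 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 "
    "09:55:59.381 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 84036 MB offset 31664128 "
    "09:55:59.496 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205746 MB offset 203769856 "
    "10:22:54.494 Scan finished successfully"
)

if __name__ == "__main__":
    first = parse_aswmbr(LOG_BEFORE)
    for label, raw in (("rerun", LOG_RERUN), ("after fix", LOG_AFTER)):
        later = parse_aswmbr(raw)
        print(label, later.run_date, assess_fix(first, later))
```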
24.09.2012, 11:29 | #29 |
| GVU Trojan Here are the full-scan logs: Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [Administrator]

Schutz: Aktiviert

23.09.2012 20:07:53
mbam-log-2012-09-23 (20-07-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406787
Laufzeit: 1 Stunde(n), 22 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/24/2012 at 09:02 AM

Application Version : 5.5.1016

Core Rules Database Version : 9275
Trace Rules Database Version: 7087

Scan type : Complete Scan
Total Scan Time : 02:04:39

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 843
Memory threats detected : 0
Registry items scanned : 37311
Registry threats detected : 1
File items scanned : 177596
File threats detected : 178

Adware.IEPlugin
HKCR\Remove

Adware.Tracking Cookie
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] clicks.maximumspeedfind.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] media4football.blogspot.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] dc.tremormedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www9.addfreestats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .lego.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] stat.dealtime.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .dealtime.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] clicks.pangora.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .cewecolor.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www7.addfreestats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .freepornstv.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .nykredit.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .findvej.dk [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .generaltracking.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .generaltracking.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .generaltracking.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .generaltracking.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .generaltracking.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .2o7.net [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .ufindbook.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .estat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .rambler.ru [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .topmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .snapfish.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www4.addfreestats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] freemediaforyou.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] freemediaforyou.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] freemediaforyou.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .mediafire-files.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .mediafire-files.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] s07.flagcounter.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] s06.flagcounter.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .chartstats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .chartstats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wjlochczekp.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wgkyekdpelo.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wbmiwjdpgep.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wfkigpajadp.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wfkiqhdpadp.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wmkicmdpkkp.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wjmicmc5skp.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.hxtrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .web-stat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .web-stat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .webstats4u.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] wstat.wibiya.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] adsensefooty.blogspot.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .mediafire.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .mediafire.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .yadro.ru [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6wjlogkajgdp.stats.esomniture.com [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .sonyeurope.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .ikea.122.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .bshg.122.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .e-2dj6afkysldpsep.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.digital-eliteboard.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.digital-eliteboard.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .digital-eliteboard.com [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .digital-eliteboard.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .digital-eliteboard.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] tracking.klicktel.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] .tracker.vinsight.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ] Trojan.Agent/Gen-Yoddos C:\PROGRAM FILES\WINRAR\DEFAULT.SFX |
24.09.2012, 18:12 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan

Looks OK; only cookies were found there. The alleged findings in the registry and in WinRAR are false positives, in my opinion. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites that I actually want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
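The triage described in the reply above (tracking cookies on one side, the few remaining findings judged by hand), as an added example that is not part of the original post or of SUPERAntiSpyware. It assumes the log layout of one unindented category line followed by indented items; `parse_log` and `triage` are hypothetical names, and the sample log is constructed from values shown on this page.

```python
import re
from collections import Counter

# Constructed sample, assuming the layout "category line, then indented items".
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Scan type : Complete Scan

Memory threats detected : 0
Registry threats detected : 1
File threats detected : 5

Adware.IEPlugin
    HKCR\Remove

Adware.Tracking Cookie
    .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ]
    de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GCCSVKY.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Yoddos
    C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
"""

SUMMARY_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
COOKIE_RE = re.compile(r"^(?P<host>\S+) \[ (?P<store>.+) \]$")


def parse_log(text):
    """Return (summary counts, [(category, item), ...]) from a scan log."""
    summary, findings, category = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1).lower()] = int(m.group(2))
        elif not raw[0].isspace():
            # Unindented line: a category name, but only after the summary block.
            category = line if "file" in summary else None
        elif category:
            findings.append((category, line))
    return summary, findings


def triage(text):
    """Split findings into tracking cookies and items that need a human look."""
    summary, findings = parse_log(text)
    cookie_hosts, review = Counter(), []
    for category, item in findings:
        m = COOKIE_RE.match(item)
        if "Cookie" in category and m:
            cookie_hosts[m.group("host").lstrip(".")] += 1
        else:
            review.append((category, item))
    # Assumption: every reported threat appears as exactly one item line, so a
    # non-zero difference points to a truncated or edited paste of the log.
    unaccounted = sum(summary.values()) - len(findings)
    return {"summary": summary, "cookie_hosts": cookie_hosts,
            "review": review, "unaccounted": unaccounted}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("cookies by host:", dict(result["cookie_hosts"]))
    for category, item in result["review"]:
        print("review manually:", category, "->", item)
    print("unaccounted findings:", result["unaccounted"])
```
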