Pests of all kinds and how to fight them: Warning! For security reasons your Windows system has been blocked. 50 € payment demand (Windows 7)
| | #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | As I said, just don't do that in the future. That is probably also where you got this blocker junk from.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.)
__________________ Please always post log files in CODE tags |
| | #2 |
| OK, the TDSS-Killer has finished too. The only odd thing was that it found a threat, but after the scan the window said "No threats found" in large letters at the top (although the list below it then did say "Found: 1 threat"). The whole thing also went fairly quickly, a little more than 3 minutes. Is that normal?
Here is the log:
Code:
14:46:56.0841 4868 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
14:46:56.0935 4868 ============================================================
14:46:56.0935 4868 Current date / time: 2012/02/28 14:46:56.0935
14:46:56.0935 4868 SystemInfo:
14:46:56.0935 4868
14:46:56.0936 4868 OS Version: 6.0.6002 ServicePack: 2.0
14:46:56.0936 4868 Product type: Workstation
14:46:56.0936 4868 ComputerName: HOME-PC
14:46:56.0936 4868 UserName: Freddy
14:46:56.0936 4868 Windows directory: C:\Windows
14:46:56.0936 4868 System windows directory: C:\Windows
14:46:56.0936 4868 Processor architecture: Intel x86
14:46:56.0936 4868 Number of processors: 2
14:46:56.0937 4868 Page size: 0x1000
14:46:56.0937 4868 Boot type: Normal boot
14:46:56.0937 4868 ============================================================
14:46:58.0091 4868 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x209CD, SectorsPerTrack: 0x1A, TracksPerCylinder: 0x5A, Type 'K0', Flags 0x00000050
14:46:58.0095 4868 \Device\Harddisk0\DR0:
14:46:58.0095 4868 MBR used
14:46:58.0095 4868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x950C800
14:46:58.0096 4868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x97FB000, BlocksNum 0x921E000
14:46:58.0183 4868 Initialize success
14:46:58.0183 4868 ============================================================
14:47:51.0432 3320 ============================================================
14:47:51.0432 3320 Scan started
14:47:51.0432 3320 Mode: Manual; SigCheck; TDLFS;
14:47:51.0432 3320 ============================================================
14:47:53.0417 3320 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:47:53.0666 3320 ACPI - ok
14:47:54.0056 3320 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:47:54.0119 3320 adp94xx - ok
14:47:54.0431 3320 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:47:54.0478 3320 adpahci - ok
14:47:54.0836 3320 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:47:54.0852 3320 adpu160m - ok
14:47:55.0164 3320 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:47:55.0195 3320 adpu320 - ok
14:47:55.0429 3320 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:47:55.0507 3320 AFD - ok
14:47:56.0006 3320 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:47:56.0178 3320 AgereSoftModem - ok
14:47:56.0365 3320 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:47:56.0381 3320 agp440 - ok
14:47:56.0599 3320 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:47:56.0615 3320 aic78xx - ok
14:47:56.0677 3320 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:47:56.0708 3320 aliide - ok
14:47:56.0849 3320 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:47:56.0864 3320 amdagp - ok
14:47:56.0911 3320 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:47:56.0927 3320 amdide - ok
14:47:57.0036 3320 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:47:57.0192 3320 AmdK7 - ok
14:47:57.0379 3320 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:47:57.0504 3320 AmdK8 - ok
14:47:57.0832 3320 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:47:57.0863 3320 arc - ok
14:47:57.0941 3320 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:47:57.0956 3320 arcsas - ok
14:47:58.0268 3320 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:47:58.0424 3320 AsyncMac - ok
14:47:58.0658 3320 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:47:58.0674 3320 atapi - ok
14:47:58.0846 3320 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys
14:47:58.0939 3320 athr - ok
14:47:59.0126 3320 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:47:59.0251 3320 AVGIDSDriver - ok
14:47:59.0376 3320 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:47:59.0423 3320 AVGIDSEH - ok
14:47:59.0454 3320 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:47:59.0485 3320 AVGIDSFilter - ok
14:47:59.0532 3320 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
14:47:59.0563 3320 AVGIDSShim - ok
14:47:59.0719 3320 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
14:47:59.0750 3320 Avgldx86 - ok
14:48:00.0296 3320 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
14:48:00.0328 3320 Avgmfx86 - ok
14:48:00.0452 3320 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
14:48:00.0484 3320 Avgrkx86 - ok
14:48:00.0530 3320 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
14:48:00.0577 3320 Avgtdix - ok
14:48:00.0733 3320 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:48:00.0827 3320 Beep - ok
14:48:00.0967 3320 blbdrive - ok
14:48:01.0279 3320 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:48:01.0342 3320 bowser - ok
14:48:01.0576 3320 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:48:01.0685 3320 BrFiltLo - ok
14:48:01.0919 3320 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:48:01.0981 3320 BrFiltUp - ok
14:48:02.0153 3320 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:48:02.0278 3320 Brserid - ok
14:48:02.0480 3320 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:48:02.0652 3320 BrSerWdm - ok
14:48:02.0870 3320 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:48:03.0011 3320 BrUsbMdm - ok
14:48:03.0276 3320 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:48:03.0416 3320 BrUsbSer - ok
14:48:03.0588 3320 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:48:03.0713 3320 BTHMODEM - ok
14:48:03.0853 3320 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:48:03.0947 3320 cdfs - ok
14:48:03.0994 3320 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:48:04.0056 3320 cdrom - ok
14:48:04.0196 3320 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:48:04.0306 3320 circlass - ok
14:48:04.0524 3320 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:48:04.0571 3320 CLFS - ok
14:48:04.0711 3320 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:48:04.0836 3320 CmBatt - ok
14:48:04.0898 3320 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:48:04.0930 3320 cmdide - ok
14:48:05.0132 3320 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:48:05.0164 3320 Compbatt - ok
14:48:05.0538 3320 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:48:05.0554 3320 crcdisk - ok
14:48:05.0678 3320 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:48:05.0803 3320 Crusoe - ok
14:48:05.0975 3320 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
14:48:06.0006 3320 CVirtA - ok
14:48:06.0068 3320 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:48:06.0131 3320 DfsC - ok
14:48:06.0334 3320 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:48:06.0365 3320 disk - ok
14:48:06.0443 3320 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:48:06.0505 3320 drmkaud - ok
14:48:06.0630 3320 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
14:48:06.0677 3320 dsNcAdpt - ok
14:48:06.0770 3320 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:48:06.0848 3320 DXGKrnl - ok
14:48:07.0098 3320 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:48:07.0238 3320 E1G60 - ok
14:48:07.0457 3320 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:48:07.0488 3320 Ecache - ok
14:48:07.0722 3320 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:48:07.0753 3320 elxstor - ok
14:48:08.0065 3320 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:48:08.0143 3320 exfat - ok
14:48:08.0377 3320 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:48:08.0440 3320 fastfat - ok
14:48:08.0627 3320 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:48:08.0736 3320 fdc - ok
14:48:08.0939 3320 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:48:08.0970 3320 FileInfo - ok
14:48:09.0064 3320 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:48:09.0142 3320 Filetrace - ok
14:48:09.0235 3320 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:48:09.0360 3320 flpydisk - ok
14:48:09.0641 3320 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:48:09.0672 3320 FltMgr - ok
14:48:09.0984 3320 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:48:10.0062 3320 Fs_Rec - ok
14:48:10.0280 3320 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:48:10.0312 3320 gagp30kx - ok
14:48:10.0421 3320 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:48:10.0436 3320 GEARAspiWDM - ok
14:48:10.0748 3320 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:48:10.0889 3320 HdAudAddService - ok
14:48:11.0170 3320 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:48:11.0279 3320 HDAudBus - ok
14:48:11.0497 3320 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:48:11.0622 3320 HidBth - ok
14:48:11.0825 3320 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:48:11.0950 3320 HidIr - ok
14:48:12.0137 3320 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:48:12.0215 3320 HidUsb - ok
14:48:12.0433 3320 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:48:12.0464 3320 HpCISSs - ok
14:48:12.0823 3320 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:48:12.0901 3320 HTTP - ok
14:48:13.0166 3320 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:48:13.0198 3320 i2omp - ok
14:48:13.0400 3320 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:48:13.0463 3320 i8042prt - ok
14:48:13.0744 3320 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
14:48:13.0790 3320 iaStor - ok
14:48:14.0102 3320 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:48:14.0134 3320 iaStorV - ok
14:48:14.0664 3320 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:48:14.0836 3320 igfx - ok
14:48:15.0163 3320 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:48:15.0194 3320 iirsp - ok
14:48:15.0694 3320 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
14:48:15.0865 3320 IntcAzAudAddService - ok
14:48:16.0084 3320 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:48:16.0115 3320 intelide - ok
14:48:16.0271 3320 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:48:16.0349 3320 intelppm - ok
14:48:16.0598 3320 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:48:16.0661 3320 IpFilterDriver - ok
14:48:16.0942 3320 IpInIp - ok
14:48:17.0144 3320 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:48:17.0269 3320 IPMIDRV - ok
14:48:17.0441 3320 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:48:17.0519 3320 IPNAT - ok
14:48:17.0784 3320 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:48:17.0862 3320 IRENUM - ok
14:48:18.0158 3320 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:48:18.0190 3320 isapnp - ok
14:48:18.0455 3320 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:48:18.0486 3320 iScsiPrt - ok
14:48:18.0704 3320 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:48:18.0736 3320 iteatapi - ok
14:48:18.0782 3320 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:48:18.0814 3320 iteraid - ok
14:48:18.0892 3320 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:18.0923 3320 kbdclass - ok
14:48:18.0985 3320 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
14:48:19.0079 3320 kbdhid - ok
14:48:19.0375 3320 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
14:48:19.0422 3320 KR10I - ok
14:48:19.0594 3320 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
14:48:19.0640 3320 KR10N - ok
14:48:19.0796 3320 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:48:19.0843 3320 KSecDD - ok
14:48:20.0202 3320 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:48:20.0296 3320 lltdio - ok
14:48:20.0608 3320 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:48:20.0639 3320 LSI_FC - ok
14:48:20.0888 3320 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:48:20.0920 3320 LSI_SAS - ok
14:48:20.0998 3320 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:48:21.0029 3320 LSI_SCSI - ok
14:48:21.0060 3320 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:48:21.0138 3320 luafv - ok
14:48:21.0310 3320 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:48:21.0341 3320 megasas - ok
14:48:21.0403 3320 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:48:21.0481 3320 Modem - ok
14:48:21.0637 3320 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:48:21.0715 3320 monitor - ok
14:48:22.0012 3320 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:48:22.0043 3320 mouclass - ok
14:48:22.0152 3320 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:48:22.0199 3320 mouhid - ok
14:48:22.0246 3320 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:48:22.0277 3320 MountMgr - ok
14:48:22.0464 3320 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:48:22.0480 3320 mpio - ok
14:48:22.0760 3320 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:48:22.0823 3320 mpsdrv - ok
14:48:23.0041 3320 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:48:23.0072 3320 Mraid35x - ok
14:48:23.0416 3320 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:48:23.0478 3320 MRxDAV - ok
14:48:23.0712 3320 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:48:23.0774 3320 mrxsmb - ok
14:48:24.0071 3320 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:48:24.0118 3320 mrxsmb10 - ok
14:48:24.0430 3320 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:48:24.0508 3320 mrxsmb20 - ok
14:48:24.0710 3320 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:48:24.0726 3320 msahci - ok
14:48:24.0882 3320 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:48:24.0898 3320 msdsm - ok
14:48:25.0085 3320 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:48:25.0163 3320 Msfs - ok
14:48:25.0381 3320 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:48:25.0412 3320 msisadrv - ok
14:48:25.0568 3320 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:48:25.0631 3320 MSKSSRV - ok
14:48:25.0849 3320 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:48:25.0912 3320 MSPCLOCK - ok
14:48:26.0161 3320 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:48:26.0239 3320 MSPQM - ok
14:48:26.0504 3320 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:48:26.0536 3320 MsRPC - ok
14:48:26.0707 3320 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:48:26.0723 3320 mssmbios - ok
14:48:26.0957 3320 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:48:27.0019 3320 MSTEE - ok
14:48:27.0160 3320 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
14:48:27.0206 3320 MTsensor - ok
14:48:27.0253 3320 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:48:27.0284 3320 Mup - ok
14:48:27.0456 3320 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:48:27.0487 3320 NativeWifiP - ok
14:48:27.0830 3320 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:48:27.0908 3320 NDIS - ok
14:48:28.0142 3320 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:48:28.0205 3320 NdisTapi - ok
14:48:28.0408 3320 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:48:28.0470 3320 Ndisuio - ok
14:48:28.0704 3320 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:48:28.0751 3320 NdisWan - ok
14:48:28.0876 3320 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:48:28.0938 3320 NDProxy - ok
14:48:29.0078 3320 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:48:29.0156 3320 NetBIOS - ok
14:48:29.0219 3320 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:48:29.0281 3320 netbt - ok
14:48:29.0515 3320 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:48:29.0546 3320 nfrd960 - ok
14:48:29.0734 3320 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:48:29.0796 3320 Npfs - ok
14:48:29.0921 3320 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:48:30.0014 3320 nsiproxy - ok
14:48:30.0467 3320 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:48:30.0654 3320 Ntfs - ok
14:48:30.0888 3320 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:48:31.0013 3320 ntrigdigi - ok
14:48:31.0372 3320 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:48:31.0450 3320 Null - ok
14:48:31.0668 3320 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:48:31.0684 3320 nvraid - ok
14:48:31.0777 3320 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:48:31.0793 3320 nvstor - ok
14:48:31.0886 3320 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:48:31.0918 3320 nv_agp - ok
14:48:32.0089 3320 NwlnkFlt - ok
14:48:32.0120 3320 NwlnkFwd - ok
14:48:32.0245 3320 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:48:32.0370 3320 ohci1394 - ok
14:48:32.0698 3320 PAC207 (9482616a0f87384c5afb5f34a317bf6c) C:\Windows\system32\DRIVERS\PFC027.SYS
14:48:32.0900 3320 PAC207 - ok
14:48:33.0088 3320 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:48:33.0212 3320 Parport - ok
14:48:33.0431 3320 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:48:33.0462 3320 partmgr - ok
14:48:33.0805 3320 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:48:33.0930 3320 Parvdm - ok
14:48:34.0164 3320 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:48:34.0195 3320 pci - ok
14:48:34.0460 3320 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
14:48:34.0492 3320 pciide - ok
14:48:34.0648 3320 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
14:48:34.0679 3320 pcmcia - ok
14:48:35.0100 3320 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:48:35.0303 3320 PEAUTH - ok
14:48:35.0630 3320 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:48:35.0708 3320 PptpMiniport - ok
14:48:35.0896 3320 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:48:36.0036 3320 Processor - ok
14:48:36.0270 3320 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:48:36.0348 3320 PSched - ok
14:48:36.0644 3320 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:48:36.0722 3320 ql2300 - ok
14:48:36.0878 3320 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:48:36.0894 3320 ql40xx - ok
14:48:36.0956 3320 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:48:37.0003 3320 QWAVEdrv - ok
14:48:37.0144 3320 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:48:37.0222 3320 RasAcd - ok
14:48:37.0424 3320 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:48:37.0502 3320 Rasl2tp - ok
14:48:37.0752 3320 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:48:37.0814 3320 RasPppoe - ok
14:48:38.0048 3320 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:48:38.0126 3320 RasSstp - ok
14:48:38.0423 3320 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:48:38.0501 3320 rdbss - ok
14:48:38.0672 3320 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:48:38.0750 3320 RDPCDD - ok
14:48:38.0922 3320 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:48:39.0031 3320 rdpdr - ok
14:48:39.0218 3320 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:48:39.0328 3320 RDPENCDD - ok
14:48:39.0562 3320 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:48:39.0624 3320 RDPWD - ok
14:48:39.0842 3320 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:48:39.0889 3320 rimmptsk - ok
14:48:40.0014 3320 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:48:40.0061 3320 rimsptsk - ok
14:48:40.0201 3320 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:48:40.0232 3320 rismxdp - ok
14:48:40.0310 3320 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:48:40.0388 3320 rspndr - ok
14:48:40.0560 3320 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
14:48:40.0622 3320 RTL8023xp - ok
14:48:40.0825 3320 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:48:40.0856 3320 sbp2port - ok
14:48:41.0184 3320 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
14:48:41.0246 3320 sdbus - ok
14:48:41.0418 3320 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:48:41.0558 3320 secdrv - ok
14:48:42.0011 3320 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:48:42.0151 3320 Serenum - ok
14:48:42.0338 3320 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:48:42.0463 3320 Serial - ok
14:48:42.0697 3320 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:48:42.0760 3320 sermouse - ok
14:48:42.0978 3320 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:48:43.0103 3320 sffdisk - ok
14:48:43.0337 3320 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:48:43.0462 3320 sffp_mmc - ok
14:48:43.0696 3320 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:48:43.0805 3320 sffp_sd - ok
14:48:43.0976 3320 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:48:44.0117 3320 sfloppy - ok
14:48:44.0288 3320 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:48:44.0320 3320 sisagp - ok
14:48:44.0382 3320 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:48:44.0413 3320 SiSRaid2 - ok
14:48:44.0460 3320 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:48:44.0476 3320 SiSRaid4 - ok
14:48:44.0554 3320 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:48:44.0600 3320 Smb - ok
14:48:45.0084 3320 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:48:45.0100 3320 spldr - ok
14:48:45.0880 3320 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:48:45.0942 3320 srv - ok
14:48:46.0441 3320 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:48:46.0519 3320 srv2 - ok
14:48:47.0081 3320 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:48:47.0143 3320 srvnet - ok
14:48:47.0330 3320 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
14:48:47.0393 3320 StillCam - ok
14:48:47.0783 3320 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:48:47.0798 3320 swenum - ok
14:48:48.0360 3320 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:48:48.0376 3320 Symc8xx - ok
14:48:48.0859 3320 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:48:48.0875 3320 Sym_hi - ok
14:48:49.0405 3320 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:48:49.0421 3320 Sym_u3 - ok
14:48:49.0686 3320 SynTP (baa29028e7db52837198465c5c53a2f0) C:\Windows\system32\DRIVERS\SynTP.sys
14:48:49.0717 3320 SynTP - ok
14:48:50.0560 3320 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:48:50.0684 3320 Tcpip - ok
14:48:51.0761 3320 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:48:51.0886 3320 Tcpip6 - ok
14:48:52.0151 3320 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:48:52.0198 3320 tcpipreg - ok
14:48:52.0322 3320 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:48:52.0369 3320 tdcmdpst - ok
14:48:52.0447 3320 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:48:52.0525 3320 TDPIPE - ok
14:48:52.0837 3320 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:48:52.0915 3320 TDTCP - ok
14:48:53.0586 3320 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:48:53.0664 3320 tdx - ok
14:48:53.0992 3320 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:48:54.0023 3320 TermDD - ok
14:48:54.0444 3320 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
14:48:54.0475 3320 tos_sps32 - ok
14:48:54.0803 3320 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:48:54.0881 3320 tssecsrv - ok
14:48:55.0052 3320 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:48:55.0084 3320 tunmp - ok
14:48:55.0130 3320 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:48:55.0193 3320 tunnel - ok
14:48:56.0004 3320 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:48:56.0020 3320 uagp35 - ok
14:48:56.0332 3320 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:48:56.0410 3320 udfs - ok
14:48:56.0924 3320 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:48:56.0956 3320 uliagpkx - ok
14:48:57.0361 3320 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:48:57.0392 3320 uliahci - ok
14:48:57.0673 3320 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:48:57.0689 3320 UlSata - ok
14:48:58.0016 3320 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:48:58.0048 3320 ulsata2 - ok
14:48:58.0750 3320 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:48:58.0812 3320 umbus - ok
14:48:59.0249 3320 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
14:48:59.0296 3320 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
14:48:59.0296 3320 USBAAPL - detected UnsignedFile.Multi.Generic (1)
14:48:59.0639 3320 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
14:48:59.0748 3320 usbccgp - ok
14:49:00.0700 3320 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:49:00.0871 3320 usbcir - ok
14:49:01.0168 3320 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:49:01.0292 3320 usbehci - ok
14:49:01.0792 3320 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:49:01.0870 3320 usbhub - ok
14:49:02.0260 3320 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:49:02.0416 3320 usbohci - ok
14:49:02.0743 3320 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:49:02.0821 3320 usbprint - ok
14:49:03.0742 3320 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:49:03.0820 3320 USBSTOR - ok
14:49:04.0100 3320 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:49:04.0163 3320 usbuhci - ok
14:49:04.0756 3320 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:49:04.0880 3320 vga - ok
14:49:06.0019 3320 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:49:06.0082 3320 VgaSave - ok
14:49:06.0378 3320 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:49:06.0394 3320 viaagp - ok
14:49:06.0550 3320 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:49:06.0674 3320 ViaC7 - ok
14:49:07.0064 3320 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:49:07.0080 3320 viaide - ok
14:49:07.0595 3320 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:49:07.0610 3320 volmgr - ok
14:49:08.0016 3320 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:49:08.0063 3320 volmgrx - ok
14:49:08.0437 3320 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:49:08.0468 3320 volsnap - ok
14:49:09.0186 3320 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:49:09.0217 3320 vsmraid - ok
14:49:10.0028 3320 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:49:10.0184 3320 WacomPen - ok
14:49:10.0933 3320 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:49:10.0996 3320 Wanarp - ok
14:49:11.0027 3320 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:49:11.0074 3320 Wanarpv6 - ok
14:49:11.0760 3320 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:49:11.0776 3320 Wd - ok
14:49:12.0322 3320 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:49:12.0415 3320 Wdf01000 - ok
14:49:13.0180 3320 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:49:13.0289 3320 WmiAcpi - ok
14:49:13.0601 3320 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:49:13.0679 3320 WpdUsb - ok
14:49:13.0913 3320 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:49:13.0991 3320 ws2ifsl - ok
14:49:14.0303 3320 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:49:14.0350 3320 WSDPrintDevice - ok
14:49:14.0537 3320 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:49:14.0615 3320 WUDFRd - ok
14:49:14.0708 3320 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:49:15.0161 3320 \Device\Harddisk0\DR0 - ok
14:49:15.0208 3320 Boot (0x1200) (9f66481563f3e13e18297b6867a6de48) \Device\Harddisk0\DR0\Partition0
14:49:15.0208 3320 \Device\Harddisk0\DR0\Partition0 - ok
14:49:15.0254 3320 Boot (0x1200) (ed80cb87387bc837c59b31d2db9654d6) \Device\Harddisk0\DR0\Partition1
14:49:15.0254 3320 \Device\Harddisk0\DR0\Partition1 - ok
14:49:15.0254 3320 ============================================================
14:49:15.0254 3320 Scan finished
14:49:15.0254 3320 ============================================================
14:49:15.0270 3604 Detected object count: 1
14:49:15.0270 3604 Actual detected object count: 1
14:51:05.0156 3604 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:51:05.0156 3604 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
| | #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
__________________
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________
| | #4 |
ComboFix has finished, here is the log:
Combofix Logfile:
Code:
ComboFix 12-02-27.02 - Freddy 28.02.2012 16:25:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.1173 [GMT 1:00]
ausgeführt von:: c:\users\Freddy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}
c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\chrome.manifest
c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\chrome\content\_cfg.js
c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\chrome\content\overlay.xul
c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\install.rdf
c:\users\Freddy\AppData\Roaming\Adobe\plugs
c:\users\Freddy\AppData\Roaming\Adobe\shed
c:\users\Freddy\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Freddy\Favorites\mxfilerelatedcache.mxc2
c:\users\Freddy\ia_remove.sh0688.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-28 bis 2012-02-28 ))))))))))))))))))))))))))))))
.
.
2012-02-28 15:40 . 2012-02-28 15:41 -------- d-----w- c:\users\Freddy\AppData\Local\temp
2012-02-28 15:40 . 2012-02-28 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 22:55 . 2012-02-27 22:55 -------- d-----w- C:\_OTL
2012-02-26 17:58 . 2012-02-26 17:58 -------- d-----w- c:\program files\ESET
2012-02-15 10:39 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 10:39 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 10:39 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 00:12 . 2011-05-17 19:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-10 14:24 . 2009-03-28 01:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 09:09 . 2011-10-10 01:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 12:13 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Freddy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Freddy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Freddy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-30 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-31 273528]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 38302606
*Deregistered* - 38302606
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-12 11:04]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-12 11:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Felder ausfüllen - file://c:\program files\DHL\DHL Bestellhelfer\fillFormContext.html
IE: Felder merken - file://c:\program files\DHL\DHL Bestellhelfer\assignContext.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe
FF - ProfilePath - c:\users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B91da1831-09e6-4d29-ac32-ad727a183e48%7D&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-05%2012%3A14%3A05&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-28 16:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-02-28 16:46:17
ComboFix-quarantined-files.txt 2012-02-28 15:46
.
Vor Suchlauf: 8.400.859.136 Bytes frei
Nach Suchlauf: 8.217.374.720 Bytes frei
.
- - End Of File - - F48FF893FE988ED4647E47766519A6AB
| | #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags
| | #6 |
Hi! Here are the logs from GMER and OSAM. During the scan with aswMBR.exe the screen suddenly went black and nothing worked any more; it had crashed completely, I think. Did I do something wrong there? Should I also not move the mouse during the scan? If you know what might have caused it, it would be great if you could let me know. Otherwise I'll simply try it again later.
GMER log:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-29 08:14:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03
Running: cektkvxj.exe; Driver: C:\Users\Freddy\AppData\Local\Temp\kwtdipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA5137A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA513848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA5138E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA513980]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 3F1 826F4B74 4 Bytes [A0, 37, 51, AA]
.text ntkrnlpa.exe!KeSetEvent + 621 826F4DA4 8 Bytes [48, 38, 51, AA, E4, 38, 51, ...] {DEC EAX; CMP [ECX-0x56], DL; IN AL, 0x38; PUSH ECX; STOSB }
.text ntkrnlpa.exe!KeSetEvent + 681 826F4E04 4 Bytes [80, 39, 51, AA] {CMP BYTE [ECX], 0x51; STOSB }
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8894C000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88995000, 0x510, 0x40000040]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1268] kernel32.dll!SetUnhandledExceptionFilter 7631A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
OSAM log:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:16:34 on 29.02.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"hpsctrlc.cpl" - "Hewlett-Packard" - C:\Windows\system32\hpsctrlc.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\Users\Freddy\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgse.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
{1ED48504-8834-11D5-AC75-0008C73FD642} "{1ED48504-8834-11D5-AC75-0008C73FD642}" - ? - (File not found | COM-object registry key not found) / file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgssie.dll
{95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{ac38bd53-2101-4ec8-a4d7-d1e58c690e71} "{ac38bd53-2101-4ec8-a4d7-d1e58c690e71}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgtray.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NDSTray.exe" - ? - NDSTray.exe (File not found)
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ROC_roc_dec12" - ? - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"TkBellExe" - "RealNetworks, Inc." - "c:\program files\real\realplayer\Update\realsched.exe" -osboot
"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
"vProt" - ? - "C:\Program Files\AVG Secure Search\vprot.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"vToolbarUpdater" (vToolbarUpdater) - ? - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Best regards!
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Restart aswMBR, set the option at the bottom left to (none), and then click Scan again
__________________ Please always post log files in CODE tags |
| | #8 |
| That worked. The log: Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-01 13:43:12
-----------------------------
13:43:12.272 OS Version: Windows 6.0.6002 Service Pack 2
13:43:12.273 Number of processors: 2 586 0xF0D
13:43:12.275 ComputerName: HOME-PC UserName: Freddy
13:43:12.891 Initialize success
13:43:22.901 AVAST engine defs: 12030100
13:43:27.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:43:27.674 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3
13:43:27.705 Disk 0 MBR read successfully
13:43:27.713 Disk 0 MBR scan
13:43:27.780 Disk 0 Windows VISTA default MBR code
13:43:27.804 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:43:27.825 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76313 MB offset 3074048
13:43:27.874 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74812 MB offset 159363072
13:43:27.907 Disk 0 scanning sectors +312578048
13:43:28.018 Disk 0 scanning C:\Windows\system32\drivers
13:43:47.416 Service scanning
13:44:30.362 Modules scanning
13:44:40.376 Disk 0 trace - called modules:
13:44:40.414 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
13:44:40.430 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f7dac8]
13:44:40.447 3 CLASSPNP.SYS[887178b3] -> nt!IofCallDriver -> [0x85409020]
13:44:40.464 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8541a030]
13:44:40.482 Scan finished successfully
14:18:15.866 Disk 0 MBR has been saved successfully to "C:\Users\Freddy\Desktop\MBR.dat"
14:18:15.883 The log file has been saved successfully to "C:\Users\Freddy\Desktop\aswMBR.txt"
|
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #10 |
| Hello! Both have now finished running: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.01.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Freddy :: HOME-PC [Administrator]
01.03.2012 20:04:11
mbam-log-2012-03-01 (20-04-11).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346526
Laufzeit: 2 Stunde(n), 28 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/02/2012 at 01:27 PM
Application Version : 5.0.1144
Core Rules Database Version : 8297
Trace Rules Database Version: 6109
Scan type : Complete Scan
Total Scan Time : 02:50:17
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator
Memory items scanned : 710
Memory threats detected : 0
Registry items scanned : 33975
Registry threats detected : 0
File items scanned : 166081
File threats detected : 258
Rogue.Internet Antivirus
C:\Program Files\IA
Adware.Tracking Cookie
ad1.emediate.dk [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Malintent
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
|
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
| | #12 |
| The Code:
ATTFilter Rogue.Internet Antivirus
C:\Program Files\IA
Code:
ATTFilter Trojan.Agent/Gen-Malintent
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
As far as I can tell, everything is running normally again; AVG has also just run through once more without any findings. Many, many thanks for the patient advice and all your effort! Your forum really is a great help! |
| | #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | The 1st was just a leftover; the 2nd is from WinRAR and therefore a false positive.
__________________ Please always post log files in CODE tags |