Log analysis and evaluation: white screen - please wait while the connection is being established [K3aRyluP6SiCkoR] Windows 7
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:
:OTL
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-3247758644-606999269-3021145746-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3247758644-606999269-3021145746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3247758644-606999269-3021145746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O20 - HKU\S-1-5-21-3247758644-606999269-3021145746-1001 Winlogon: UserInit - (C:\Users\***\AppData\Roaming\flint4ytw.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{84af8862-b2af-11e0-9559-806e6f6e6963}\Shell - "" = AutoRun
[2012.03.08 19:20:22 | 000,000,000 | ---D | M] -- C:\Users\Lena.***-PC\AppData\Roaming\Upvy
[2011.12.18 21:18:58 | 000,000,000 | ---D | M] -- C:\Users\Lena.***-PC\AppData\Roaming\Yttuyq
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #17 |
| I followed your advice, here is the log now
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3247758644-606999269-3021145746-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\***\AppData\Roaming\flint4ytw.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84af8862-b2af-11e0-9559-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84af8862-b2af-11e0-9559-806e6f6e6963}\ not found.
C:\Users\Lena.***-PC\AppData\Roaming\Upvy folder moved successfully.
C:\Users\Lena.***-PC\AppData\Roaming\Yttuyq folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: ***
->Temp folder emptied: 117344486 bytes
->Temporary Internet Files folder emptied: 68254341 bytes
->Java cache emptied: 209784 bytes
->Flash cache emptied: 56958 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kolja.***-PC
->Temp folder emptied: 12231357 bytes
->Temporary Internet Files folder emptied: 184638333 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 135732701 bytes
->Opera cache emptied: 4402566 bytes
->Flash cache emptied: 66825 bytes
User: Lena.***-PC
->Temp folder emptied: 20888304 bytes
->Temporary Internet Files folder emptied: 479309363 bytes
->Java cache emptied: 17681 bytes
->FireFox cache emptied: 1090911643 bytes
->Flash cache emptied: 163572 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1235101 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2253703291 bytes
Total Files Cleaned = 4.167,00 mb
[EMPTYFLASH]
User: Administrator
User: ***
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Kolja.***-PC
->Flash cache emptied: 0 bytes
User: Lena.***-PC
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04062012_202651
Files\Folders moved on Reboot...
File\Folder C:\Users\Lena.***-PC\AppData\Local\Temp\OICE_B1E72905-0331-4E45-A7E4-BEFD1318BAC1.0\80F50AA1. not found!
File\Folder C:\Users\Lena.***-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\N0QLA5ZD\=75;fc2wx=2;fc2hi=100;fc2lo=80;fc3wx=3;fc3hi=100;fc3lo=75;ixpollen=1;vabeachtemp=80;vabeachwx=6;ixc=10101;pos=bottom;sz=728x90,728x91;tile=4;ord=486266371416082600[1].js not found!
File\Folder C:\Users\Lena.***-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\N0QLA5ZD\wx=2;fc2hi=100;fc2lo=80;fc3wx=3;fc3hi=100;fc3lo=75;ixpollen=1;vabeachtemp=80;vabeachwx=6;ixc=10101;pos=top;sz=300x250,300x600,336x280;tile=2;ord=486266371416082600[1].js not found!
File\Folder C:\Users\Lena.***-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\HB0WLCPM\5;fc2wx=2;fc2hi=100;fc2lo=80;fc3wx=3;fc3hi=100;fc3lo=75;ixpollen=1;vabeachtemp=80;vabeachwx=6;ixc=10101;pos=bottom;sz=300x250,300x251;tile=3;ord=486266371416082600[1].js not found!
File\Folder C:\Users\Lena.***-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\80NLTWSF\1lo=75;fc2wx=2;fc2hi=100;fc2lo=80;fc3wx=3;fc3hi=100;fc3lo=75;ixpollen=1;vabeachtemp=80;vabeachwx=6;ixc=10101;pos=top;sz=980x30,728x90;tile=1;ord=486266371416082600[1].js not found!
File move failed. C:\Users\Lena.***-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Alex |
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ |
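As an added example (not part of the thread and not code from TDSSKiller): a short Python triage of a TDSSKiller report in the line layout posted in this thread, listing every object that did not end in "ok" so that nothing is deleted before it has been reviewed. The function names are hypothetical, and the sample lines are constructed with placeholder service names, paths and hashes.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Report line: "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the service or driver about to be checked
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")
# "<name> ( <verdict> ) - warning"
FLAGGED = re.compile(
    r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^()\s]+)\s*\)\s+-\s+(?P<level>\w+)$")
# "<name> - detected <verdict> (1)"
DETECTED = re.compile(r"^(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)\s+\(\d+\)$")

# TDSSKiller's label for a file without a valid digital signature (SigCheck mode);
# it marks an object for review, it is not a confirmed infection.
UNSIGNED = "UnsignedFile.Multi.Generic"
NO_VERDICT = "no verdict"  # object line present, result line missing (cut-off log)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = NO_VERDICT
    verdicts: set = field(default_factory=set)


def parse_report(text):
    """Return {object name: Entry} for every service/driver in the report."""
    entries = {}

    def get(name):
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # separators, empty lines, forum debris
        msg = line.group("msg").strip()
        m = OBJECT.match(msg)
        if m:
            e = get(m["name"])
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = OK.match(msg)
        if m:
            get(m["name"]).status = "ok"
            continue
        m = FLAGGED.match(msg)
        if m:
            e = get(m["name"])
            e.status = m["level"]
            e.verdicts.add(m["verdict"])
            continue
        m = DETECTED.match(msg)
        if m:
            e = get(m["name"])
            e.verdicts.add(m["verdict"])
            if e.status == NO_VERDICT:
                e.status = "detected"
    return entries


def needs_review(entries):
    """Everything that is not plainly 'ok', in report order."""
    return [e for e in entries.values() if e.status != "ok"]


def unsigned_only(entry):
    """True when the only finding is the missing-signature label."""
    return entry.verdicts == {UNSIGNED}


# Constructed sample: placeholder names, paths and MD5 values, not real hashes.
_H = ["%032x" % n for n in (1, 2, 3)]
SAMPLE_REPORT = "\n".join([
    r"22:58:40.0668 3624 ExampleDrv (%s) C:\windows\system32\drivers\exampledrv.sys" % _H[0],
    r"22:58:40.0808 3624 ExampleDrv - ok",
    r"22:58:45.0005 3624 Example Device Monitor (%s) C:\Program Files (x86)\Example\devmon.exe" % _H[1],
    r"22:58:46.0377 3624 Example Device Monitor ( UnsignedFile.Multi.Generic ) - warning",
    r"22:58:46.0377 3624 Example Device Monitor - detected UnsignedFile.Multi.Generic (1)",
    r"22:58:50.0418 3624 ExampleNoFile - ok",
    r"22:58:57.0890 3624 ExampleCut (%s) C:\windows\system32\drivers\examplecut.sys" % _H[2],
])

if __name__ == "__main__":
    for e in needs_review(parse_report(SAMPLE_REPORT)):
        note = "unsigned file only" if unsigned_only(e) else "check manually"
        print(f"{e.status:10} {e.name:24} {e.path}  [{note}]")
```

An entry left at "no verdict" means the report was cut off before the result line for that object, so the full log is needed before drawing any conclusion about it.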
| | #19 |
| I ran TDSS, here is the report
Code:
22:58:14.0117 5196 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:58:15.0755 5196 ============================================================
22:58:15.0755 5196 Current date / time: 2012/04/06 22:58:15.0755
22:58:15.0755 5196 SystemInfo:
22:58:15.0755 5196
22:58:15.0755 5196 OS Version: 6.1.7601 ServicePack: 1.0
22:58:15.0755 5196 Product type: Workstation
22:58:15.0755 5196 ComputerName: ***-PC
22:58:15.0755 5196 UserName: ***
22:58:15.0755 5196 Windows directory: C:\windows
22:58:15.0755 5196 System windows directory: C:\windows
22:58:15.0755 5196 Running under WOW64
22:58:15.0755 5196 Processor architecture: Intel x64
22:58:15.0755 5196 Number of processors: 4
22:58:15.0755 5196 Page size: 0x1000
22:58:15.0755 5196 Boot type: Normal boot
22:58:15.0755 5196 ============================================================
22:58:16.0488 5196 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:58:16.0488 5196 \Device\Harddisk0\DR0:
22:58:16.0488 5196 MBR used
22:58:16.0488 5196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
22:58:16.0488 5196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
22:58:16.0503 5196 Initialize success
22:58:16.0503 5196 ============================================================
22:58:40.0231 3624 ============================================================
22:58:40.0231 3624 Scan started
22:58:40.0231 3624 Mode: Manual; SigCheck; TDLFS;
22:58:40.0231 3624 ============================================================
22:58:40.0668 3624 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:58:40.0808 3624 1394ohci - ok
22:58:40.0886 3624 acedrv09 (d8ca98e813d08e267e7e140bd22e073e) C:\windows\system32\drivers\acedrv09.sys
22:58:41.0136 3624 acedrv09 - ok
22:58:41.0198 3624 acehlp09 (f535d9cf9ab68df08d92aeb6d697ebdb) C:\windows\system32\drivers\acehlp09.sys
22:58:41.0276 3624 acehlp09 - ok
22:58:41.0339 3624 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:58:41.0354 3624 ACPI - ok
22:58:41.0385 3624 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:58:41.0541 3624 AcpiPmi - ok
22:58:41.0557 3624 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
22:58:41.0588 3624 adp94xx - ok
22:58:41.0604 3624 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
22:58:41.0635 3624 adpahci - ok
22:58:41.0635 3624 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
22:58:41.0666 3624 adpu320 - ok
22:58:41.0682 3624 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:58:41.0791 3624 AeLookupSvc - ok
22:58:41.0869 3624 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
22:58:42.0025 3624 AESTFilters - ok
22:58:42.0087 3624 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:58:42.0212 3624 AFD - ok
22:58:42.0243 3624 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:58:42.0275 3624 agp440 - ok
22:58:42.0290 3624 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:58:42.0353 3624 ALG - ok
22:58:42.0368 3624 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:58:42.0384 3624 aliide - ok
22:58:42.0384 3624 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:58:42.0399 3624 amdide - ok
22:58:42.0415 3624 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
22:58:42.0446 3624 AmdK8 - ok
22:58:42.0446 3624 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
22:58:42.0509 3624 AmdPPM - ok
22:58:42.0524 3624 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:58:42.0602 3624 amdsata - ok
22:58:42.0618 3624 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
22:58:42.0633 3624 amdsbs - ok
22:58:42.0649 3624 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:58:42.0711 3624 amdxata - ok
22:58:42.0774 3624 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\windows\system32\Drivers\AnyDVD.sys
22:58:42.0867 3624 AnyDVD - ok
22:58:42.0914 3624 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
22:58:43.0008 3624 ApfiltrService - ok
22:58:43.0023 3624 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:58:43.0211 3624 AppID - ok
22:58:43.0242 3624 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:58:43.0304 3624 AppIDSvc - ok
22:58:43.0320 3624 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:58:43.0429 3624 Appinfo - ok
22:58:43.0445 3624 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
22:58:43.0460 3624 arc - ok
22:58:43.0476 3624 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
22:58:43.0491 3624 arcsas - ok
22:58:43.0554 3624 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:58:43.0647 3624 aspnet_state - ok
22:58:43.0679 3624 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:58:43.0741 3624 AsyncMac - ok
22:58:43.0772 3624 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:58:43.0788 3624 atapi - ok
22:58:43.0819 3624 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:58:43.0928 3624 AudioEndpointBuilder - ok
22:58:43.0959 3624 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:58:44.0006 3624 AudioSrv - ok
22:58:44.0022 3624 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:58:44.0131 3624 AxInstSV - ok
22:58:44.0162 3624 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
22:58:44.0240 3624 b06bdrv - ok
22:58:44.0256 3624 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:58:44.0287 3624 b57nd60a - ok
22:58:44.0318 3624 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:58:44.0365 3624 BDESVC - ok
22:58:44.0396 3624 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:58:44.0474 3624 Beep - ok
22:58:44.0505 3624 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:58:44.0615 3624 BFE - ok
22:58:44.0661 3624 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
22:58:44.0849 3624 BITS - ok
22:58:44.0864 3624 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
22:58:44.0895 3624 blbdrive - ok
22:58:45.0005 3624 Bluetooth Device Monitor (093b1b419ef25b15d3a1ca6953f41afb) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
22:58:46.0377 3624 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
22:58:46.0377 3624 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
22:58:46.0409 3624 Bluetooth Media Service (03a7341e94acd92e0831336d4f3ace92) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
22:58:47.0859 3624 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
22:58:47.0859 3624 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
22:58:47.0891 3624 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:58:48.0000 3624 bowser - ok
22:58:48.0031 3624 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
22:58:48.0062 3624 BrFiltLo - ok
22:58:48.0078 3624 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
22:58:48.0093 3624 BrFiltUp - ok
22:58:48.0125 3624 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:58:48.0234 3624 Browser - ok
22:58:48.0234 3624 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:58:48.0312 3624 Brserid - ok
22:58:48.0312 3624 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:58:48.0343 3624 BrSerWdm - ok
22:58:48.0343 3624 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:58:48.0374 3624 BrUsbMdm - ok
22:58:48.0374 3624 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:58:48.0405 3624 BrUsbSer - ok
22:58:48.0437 3624 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
22:58:48.0483 3624 BthEnum - ok
22:58:48.0499 3624 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:58:48.0546 3624 BTHMODEM - ok
22:58:48.0561 3624 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
22:58:48.0608 3624 BthPan - ok
22:58:48.0639 3624 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
22:58:48.0702 3624 BTHPORT - ok
22:58:48.0749 3624 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:58:48.0795 3624 bthserv - ok
22:58:48.0827 3624 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
22:58:48.0905 3624 BTHUSB - ok
22:58:48.0920 3624 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys
22:58:48.0967 3624 btmaux - ok
22:58:48.0998 3624 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys
22:58:49.0092 3624 btmhsf - ok
22:58:49.0107 3624 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:58:49.0154 3624 cdfs - ok
22:58:49.0170 3624 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:58:49.0232 3624 cdrom - ok
22:58:49.0310 3624 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:58:49.0419 3624 CertPropSvc - ok
22:58:49.0435 3624 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\windows\system32\drivers\cfwids.sys
22:58:49.0497 3624 cfwids - ok
22:58:49.0513 3624 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:58:49.0544 3624 circlass - ok
22:58:49.0560 3624 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:58:49.0591 3624 CLFS - ok
22:58:49.0638 3624 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:58:49.0669 3624 clr_optimization_v2.0.50727_32 - ok
22:58:49.0700 3624 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:58:49.0716 3624 clr_optimization_v2.0.50727_64 - ok
22:58:49.0763 3624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:58:49.0903 3624 clr_optimization_v4.0.30319_32 - ok
22:58:49.0950 3624 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:58:50.0028 3624 clr_optimization_v4.0.30319_64 - ok
22:58:50.0043 3624 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
22:58:50.0075 3624 CmBatt - ok
22:58:50.0090 3624 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:58:50.0106 3624 cmdide - ok
22:58:50.0137 3624 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
22:58:50.0231 3624 CNG - ok
22:58:50.0262 3624 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
22:58:50.0293 3624 Compbatt - ok
22:58:50.0324 3624 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
22:58:50.0418 3624 CompositeBus - ok
22:58:50.0418 3624 COMSysApp - ok
22:58:50.0434 3624 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:58:50.0449 3624 crcdisk - ok
22:58:50.0480 3624 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
22:58:50.0558 3624 CryptSvc - ok
22:58:50.0605 3624 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
22:58:50.0714 3624 CtClsFlt - ok
22:58:50.0746 3624 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:58:50.0824 3624 DcomLaunch - ok
22:58:50.0839 3624 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:58:50.0917 3624 defragsvc - ok
22:58:50.0933 3624 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:58:51.0042 3624 DfsC - ok
22:58:51.0073 3624 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:58:51.0151 3624 Dhcp - ok
22:58:51.0182 3624 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:58:51.0260 3624 discache - ok
22:58:51.0260 3624 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:58:51.0276 3624 Disk - ok
22:58:51.0307 3624 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:58:51.0385 3624 Dnscache - ok
22:58:51.0401 3624 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:58:51.0479 3624 dot3svc - ok
22:58:51.0494 3624 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:58:51.0604 3624 DPS - ok
22:58:51.0619 3624 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:58:51.0650 3624 drmkaud - ok
22:58:51.0682 3624 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:58:51.0760 3624 DXGKrnl - ok
22:58:51.0775 3624 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:58:51.0838 3624 EapHost - ok
22:58:51.0900 3624 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:58:52.0025 3624 ebdrv - ok
22:58:52.0056 3624 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:58:52.0150 3624 EFS - ok
22:58:52.0196 3624 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:58:52.0337 3624 ehRecvr - ok
22:58:52.0352 3624 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:58:52.0368 3624 ehSched - ok
22:58:52.0430 3624 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\windows\system32\Drivers\ElbyCDIO.sys
22:58:52.0508 3624 ElbyCDIO - ok
22:58:52.0524 3624 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:58:52.0555 3624 elxstor - ok
22:58:52.0571 3624 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:58:52.0633 3624 ErrDev - ok
22:58:52.0664 3624 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:58:52.0711 3624 EventSystem - ok
22:58:52.0836 3624 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:58:52.0930 3624 EvtEng - ok
22:58:52.0945 3624 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:58:52.0992 3624 exfat - ok
22:58:53.0023 3624 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:58:53.0070 3624 fastfat - ok
22:58:53.0101 3624 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:58:53.0179 3624 Fax - ok
22:58:53.0195 3624 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:58:53.0242 3624 fdc - ok
22:58:53.0257 3624 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:58:53.0351 3624 fdPHost - ok
22:58:53.0382 3624 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:58:53.0429 3624 FDResPub - ok
22:58:53.0444 3624 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:58:53.0460 3624 FileInfo - ok
22:58:53.0476 3624 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:58:53.0538 3624 Filetrace - ok
22:58:53.0538 3624 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:58:53.0554 3624 flpydisk - ok
22:58:53.0585 3624 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:58:53.0632 3624 FltMgr - ok
22:58:53.0694 3624 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:58:53.0788 3624 FontCache - ok
22:58:53.0850 3624 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:58:53.0928 3624 FontCache3.0.0.0 - ok
22:58:53.0944 3624 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:58:53.0959 3624 FsDepends - ok
22:58:53.0975 3624 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
22:58:53.0990 3624 Fs_Rec - ok
22:58:54.0022 3624 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:58:54.0084 3624 fvevol - ok
22:58:54.0100 3624 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:58:54.0131 3624 gagp30kx - ok
22:58:54.0162 3624 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:58:54.0271 3624 gpsvc - ok
22:58:54.0380 3624 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:58:54.0474 3624 gupdate - ok
22:58:54.0505 3624 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:58:54.0521 3624 gupdatem - ok
22:58:54.0552 3624 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:58:54.0630 3624 gusvc - ok
22:58:54.0646 3624 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:58:54.0692 3624 hcw85cir - ok
22:58:54.0708 3624 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:58:54.0786 3624 HdAudAddService - ok
22:58:54.0802 3624 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
22:58:54.0833 3624 HDAudBus - ok
22:58:54.0833 3624 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:58:54.0864 3624 HidBatt - ok
22:58:54.0864 3624 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:58:54.0895 3624 HidBth - ok
22:58:54.0911 3624 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:58:54.0926 3624 HidIr - ok
22:58:54.0942 3624 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
22:58:55.0004 3624 hidserv - ok
22:58:55.0020 3624 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:58:55.0082 3624 HidUsb - ok
22:58:55.0098 3624 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:58:55.0176 3624 hkmsvc - ok
22:58:55.0192 3624 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:58:55.0254 3624 HomeGroupListener - ok
22:58:55.0285 3624 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:58:55.0348 3624 HomeGroupProvider - ok
22:58:55.0363 3624 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:58:55.0441 3624 HpSAMD - ok
22:58:55.0472 3624 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:58:55.0597 3624 HTTP - ok
22:58:55.0628 3624 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:58:55.0675 3624 hwpolicy - ok
22:58:55.0691 3624 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
22:58:55.0706 3624 i8042prt - ok
22:58:55.0738 3624 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
22:58:55.0753 3624 iaStor - ok
22:58:55.0847 3624 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:58:55.0894 3624 IAStorDataMgrSvc - ok
22:58:55.0925 3624 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:58:56.0003 3624 iaStorV - ok
22:58:56.0034 3624 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\windows\system32\DRIVERS\iBtFltCoex.sys
22:58:56.0112 3624 iBtFltCoex - ok
22:58:56.0174 3624 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:58:56.0268 3624 idsvc - ok
22:58:56.0471 3624 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
22:58:56.0876 3624 igfx - ok
22:58:56.0908 3624 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:58:56.0923 3624 iirsp - ok
22:58:56.0954 3624 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:58:57.0064 3624 IKEEXT - ok
22:58:57.0110 3624 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
22:58:57.0157 3624 intaud_WaveExtensible - ok
22:58:57.0204 3624 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
22:58:57.0282 3624 IntcDAud - ok
22:58:57.0282 3624 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:58:57.0298 3624 intelide - ok
22:58:57.0329 3624 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:58:57.0360 3624 intelppm - ok
22:58:57.0407 3624 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:58:57.0469 3624 IPBusEnum - ok
22:58:57.0485 3624 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:58:57.0578 3624 IpFilterDriver - ok
22:58:57.0610 3624 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
22:58:57.0703 3624 iphlpsvc - ok
22:58:57.0719 3624 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:58:57.0797 3624 IPMIDRV - ok
22:58:57.0812 3624 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:58:57.0859 3624 IPNAT - ok
22:58:57.0890 3624 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:58:57.0937 3624 IRENUM - ok
22:58:57.0937 3624 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:58:57.0953 3624 isapnp - ok
22:58:57.0968 3624 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:58:58.0031 3624 iScsiPrt - ok
22:58:58.0062 3624 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
22:58:58.0124 3624 iwdbus - ok
22:58:58.0124 3624 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:58:58.0156 3624 kbdclass - ok
22:58:58.0156 3624 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
22:58:58.0234 3624 kbdhid - ok
22:58:58.0265 3624 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:58:58.0280 3624 KeyIso - ok
22:58:58.0296 3624 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
22:58:58.0343 3624 KSecDD - ok
22:58:58.0358 3624 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
22:58:58.0452 3624 KSecPkg - ok
22:58:58.0452 3624 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:58:58.0514 3624 ksthunk - ok
22:58:58.0546 3624 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:58:58.0592 3624 KtmRm - ok
22:58:58.0624 3624 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
22:58:58.0733 3624 LanmanServer - ok
22:58:58.0748 3624 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:58:58.0826 3624 LanmanWorkstation - ok
22:58:58.0842 3624 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:58:58.0904 3624 lltdio - ok
22:58:58.0936 3624 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:58:58.0982 3624 lltdsvc - ok
22:58:58.0998 3624 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:58:59.0045 3624 lmhosts - ok
22:58:59.0123 3624 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:58:59.0248 3624 LMS - ok
22:58:59.0279 3624 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:58:59.0294 3624 LSI_FC - ok
22:58:59.0310 3624 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:58:59.0326 3624 LSI_SAS - ok
22:58:59.0326 3624 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:58:59.0341 3624 LSI_SAS2 - ok
22:58:59.0357 3624 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:58:59.0372 3624 LSI_SCSI - ok
22:58:59.0404 3624 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:58:59.0450 3624 luafv - ok
22:58:59.0560 3624 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
22:58:59.0622 3624 MBAMProtector - ok
22:58:59.0716 3624 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:58:59.0825 3624 MBAMService - ok
22:58:59.0887 3624 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
22:58:59.0965 3624 McAWFwk - ok
22:58:59.0996 3624 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:59:00.0059 3624 McMPFSvc - ok
22:59:00.0074 3624 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:59:00.0090 3624 mcmscsvc - ok
22:59:00.0090 3624 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:59:00.0106 3624 McNaiAnn - ok
22:59:00.0121 3624 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:59:00.0137 3624 McNASvc - ok
22:59:00.0168 3624 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe
22:59:00.0246 3624 McODS - ok
22:59:00.0262 3624 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:59:00.0277 3624 McOobeSv - ok
22:59:00.0277 3624 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:59:00.0293 3624 McProxy - ok
22:59:00.0308 3624 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:59:00.0402 3624 McShield - ok
22:59:00.0527 3624 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:59:00.0589 3624 Mcx2Svc - ok
22:59:00.0620 3624 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:59:00.0636 3624 megasas - ok
22:59:00.0652 3624 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:59:00.0683 3624 MegaSR - ok
22:59:00.0714 3624 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
22:59:00.0761 3624 MEIx64 - ok
22:59:00.0808 3624 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\windows\system32\drivers\mfeapfk.sys
22:59:00.0854 3624 mfeapfk - ok
22:59:00.0886 3624 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\windows\system32\drivers\mfeavfk.sys
22:59:00.0948 3624 mfeavfk - ok
22:59:00.0979 3624 mfeavfk01 - ok
22:59:01.0057 3624 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:59:01.0120 3624 mfefire - ok
22:59:01.0151 3624 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\windows\system32\drivers\mfefirek.sys
22:59:01.0213 3624 mfefirek - ok
22:59:01.0244 3624 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\windows\system32\drivers\mfehidk.sys
22:59:01.0322 3624 mfehidk - ok
22:59:01.0338 3624 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\windows\system32\DRIVERS\mfenlfk.sys
22:59:01.0385 3624 mfenlfk - ok
22:59:01.0416 3624 mferkdet (65776bd8029e409935b90de30bf99526) C:\windows\system32\drivers\mferkdet.sys
22:59:01.0463 3624 mferkdet - ok
22:59:01.0494 3624 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe
22:59:01.0556 3624 mfevtp - ok
22:59:01.0588 3624 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\windows\system32\drivers\mfewfpk.sys
22:59:01.0634 3624 mfewfpk - ok
22:59:01.0681 3624 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:59:01.0728 3624 MMCSS - ok
22:59:01.0744 3624 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:59:01.0790 3624 Modem - ok
22:59:01.0806 3624 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:59:01.0837 3624 monitor - ok
22:59:01.0868 3624 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:59:01.0884 3624 mouclass - ok
22:59:01.0900 3624 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:59:01.0931 3624 mouhid - ok
22:59:01.0946 3624 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:59:02.0009 3624 mountmgr - ok
22:59:02.0024 3624 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:59:02.0102 3624 mpio - ok
22:59:02.0118 3624 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:59:02.0180 3624 mpsdrv - ok
22:59:02.0212 3624 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
22:59:02.0321 3624 MpsSvc - ok
22:59:02.0336 3624 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:59:02.0414 3624 MRxDAV - ok
22:59:02.0446 3624 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:59:02.0508 3624 mrxsmb - ok
22:59:02.0555 3624 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:59:02.0617 3624 mrxsmb10 - ok
22:59:02.0633 3624 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:59:02.0695 3624 mrxsmb20 - ok
22:59:02.0695 3624 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
22:59:02.0758 3624 msahci - ok
22:59:02.0789 3624 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:59:02.0867 3624 msdsm - ok
22:59:02.0882 3624 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:59:02.0914 3624 MSDTC - ok
22:59:02.0929 3624 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:59:02.0992 3624 Msfs - ok
22:59:03.0023 3624 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:59:03.0085 3624 mshidkmdf - ok
22:59:03.0101 3624 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:59:03.0116 3624 msisadrv - ok
22:59:03.0148 3624 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:59:03.0210 3624 MSiSCSI - ok
22:59:03.0226 3624 msiserver - ok
22:59:03.0272 3624 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:59:03.0288 3624 MSK80Service - ok
22:59:03.0319 3624 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:59:03.0382 3624 MSKSSRV - ok
22:59:03.0397 3624 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:59:03.0444 3624 MSPCLOCK - ok
22:59:03.0460 3624 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:59:03.0522 3624 MSPQM - ok
22:59:03.0538 3624 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:59:03.0600 3624 MsRPC - ok
22:59:03.0631 3624 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:59:03.0647 3624 mssmbios - ok
22:59:03.0647 3624 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:59:03.0709 3624 MSTEE - ok
22:59:03.0725 3624 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:59:03.0740 3624 MTConfig - ok
22:59:03.0756 3624 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:59:03.0772 3624 Mup - ok
22:59:03.0865 3624 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:59:03.0943 3624 MyWiFiDHCPDNS - ok
22:59:03.0974 3624 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:59:04.0084 3624 napagent - ok
22:59:04.0099 3624 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:59:04.0146 3624 NativeWifiP - ok
22:59:04.0240 3624 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
22:59:04.0333 3624 NAUpdate - ok
22:59:04.0380 3624 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
22:59:04.0427 3624 NDIS - ok
22:59:04.0442 3624 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:59:04.0474 3624 NdisCap - ok
22:59:04.0505 3624 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:59:04.0552 3624 NdisTapi - ok
22:59:04.0567 3624 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:59:04.0661 3624 Ndisuio - ok
22:59:04.0676 3624 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:59:04.0770 3624 NdisWan - ok
22:59:04.0801 3624 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:59:04.0910 3624 NDProxy - ok
22:59:04.0957 3624 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:59:05.0004 3624 NetBIOS - ok
22:59:05.0035 3624 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:59:05.0129 3624 NetBT - ok
22:59:05.0176 3624 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:59:05.0191 3624 Netlogon - ok
22:59:05.0222 3624 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:59:05.0269 3624 Netman - ok
22:59:05.0332 3624 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:05.0394 3624 NetMsmqActivator - ok
22:59:05.0394 3624 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:05.0410 3624 NetPipeActivator - ok
22:59:05.0425 3624 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:59:05.0488 3624 netprofm - ok
22:59:05.0503 3624 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:05.0503 3624 NetTcpActivator - ok
22:59:05.0519 3624 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:05.0519 3624 NetTcpPortSharing - ok
22:59:05.0690 3624 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys
22:59:06.0018 3624 NETwNs64 - ok
22:59:06.0049 3624 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:59:06.0065 3624 nfrd960 - ok
22:59:06.0096 3624 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:59:06.0174 3624 NlaSvc - ok
22:59:06.0190 3624 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:59:06.0236 3624 Npfs - ok
22:59:06.0252 3624 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:59:06.0299 3624 nsi - ok
22:59:06.0314 3624 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:59:06.0377 3624 nsiproxy - ok
22:59:06.0424 3624 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:59:06.0502 3624 Ntfs - ok
22:59:06.0517 3624 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:59:06.0580 3624 Null - ok
22:59:06.0626 3624 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
22:59:06.0689 3624 nusb3hub - ok
22:59:06.0720 3624 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
22:59:06.0814 3624 nusb3xhc - ok
22:59:06.0860 3624 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:59:06.0938 3624 nvraid - ok
22:59:06.0954 3624 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:59:07.0016 3624 nvstor - ok
22:59:07.0032 3624 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:59:07.0048 3624 nv_agp - ok
22:59:07.0063 3624 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:59:07.0094 3624 ohci1394 - ok
22:59:07.0172 3624 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:59:07.0235 3624 ose - ok
22:59:07.0344 3624 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:59:07.0562 3624 osppsvc - ok
22:59:07.0703 3624 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:59:07.0765 3624 p2pimsvc - ok
22:59:07.0781 3624 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:59:07.0796 3624 p2psvc - ok
22:59:07.0843 3624 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:59:07.0874 3624 Parport - ok
22:59:07.0890 3624 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
22:59:07.0984 3624 partmgr - ok
22:59:07.0999 3624 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:59:08.0046 3624 PcaSvc - ok
22:59:08.0062 3624 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:59:08.0155 3624 pci - ok
22:59:08.0155 3624 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
22:59:08.0171 3624 pciide - ok
22:59:08.0186 3624 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:59:08.0202 3624 pcmcia - ok
22:59:08.0218 3624 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:59:08.0233 3624 pcw - ok
22:59:08.0264 3624 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:59:08.0358 3624 PEAUTH - ok
22:59:08.0389 3624 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:59:08.0420 3624 PerfHost - ok
22:59:08.0467 3624 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:59:08.0561 3624 pla - ok
22:59:08.0608 3624 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:59:08.0701 3624 PlugPlay - ok
22:59:08.0717 3624 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:59:08.0732 3624 PNRPAutoReg - ok
22:59:08.0764 3624 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:59:08.0779 3624 PNRPsvc - ok
22:59:08.0810 3624 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:59:08.0904 3624 PolicyAgent - ok
22:59:08.0920 3624 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:59:08.0998 3624 Power - ok
22:59:09.0044 3624 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:59:09.0169 3624 PptpMiniport - ok
22:59:09.0185 3624 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:59:09.0216 3624 Processor - ok
22:59:09.0232 3624 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
22:59:09.0310 3624 ProfSvc - ok
22:59:09.0341 3624 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:59:09.0356 3624 ProtectedStorage - ok
22:59:09.0372 3624 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:59:09.0481 3624 Psched - ok
22:59:09.0497 3624 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
22:59:09.0559 3624 PxHlpa64 - ok
22:59:09.0606 3624 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:59:09.0668 3624 ql2300 - ok
22:59:09.0684 3624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:59:09.0700 3624 ql40xx - ok
22:59:09.0715 3624 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:59:09.0746 3624 QWAVE - ok
22:59:09.0762 3624 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:59:09.0809 3624 QWAVEdrv - ok
22:59:09.0809 3624 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:59:09.0871 3624 RasAcd - ok
22:59:09.0887 3624 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:59:09.0934 3624 RasAgileVpn - ok
22:59:09.0949 3624 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:59:10.0027 3624 RasAuto - ok
22:59:10.0043 3624 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:59:10.0168 3624 Rasl2tp - ok
22:59:10.0246 3624 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:59:10.0355 3624 RasMan - ok
22:59:10.0433 3624 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:59:10.0495 3624 RasPppoe - ok
22:59:10.0511 3624 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:59:10.0558 3624 RasSstp - ok
22:59:10.0573 3624 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:59:10.0667 3624 rdbss - ok
22:59:10.0698 3624 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:59:10.0714 3624 rdpbus - ok
22:59:10.0729 3624 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:59:10.0760 3624 RDPCDD - ok
22:59:10.0792 3624 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:59:10.0838 3624 RDPENCDD - ok
22:59:10.0854 3624 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:59:10.0885 3624 RDPREFMP - ok
22:59:10.0932 3624 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
22:59:11.0010 3624 RDPWD - ok
22:59:11.0026 3624 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:59:11.0088 3624 rdyboost - ok
22:59:11.0197 3624 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:59:11.0275 3624 RegSrvc - ok
22:59:11.0306 3624 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:59:11.0369 3624 RemoteAccess - ok
22:59:11.0384 3624 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:59:11.0431 3624 RemoteRegistry - ok
22:59:11.0478 3624 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\windows\system32\DRIVERS\revoflt.sys
22:59:11.0540 3624 Revoflt - ok
22:59:11.0556 3624 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
22:59:11.0603 3624 RFCOMM - ok
22:59:11.0712 3624 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
22:59:11.0821 3624 RoxMediaDB12OEM - ok
22:59:11.0852 3624 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
22:59:11.0930 3624 RoxWatch12 - ok
22:59:11.0946 3624 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:59:12.0024 3624 RpcEptMapper - ok
22:59:12.0040 3624 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:59:12.0071 3624 RpcLocator - ok
22:59:12.0086 3624 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:59:12.0133 3624 RpcSs - ok
22:59:12.0180 3624 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:59:12.0211 3624 rspndr - ok
22:59:12.0258 3624 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
22:59:12.0336 3624 RSUSBSTOR - ok
22:59:12.0367 3624 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
22:59:12.0414 3624 RTL8167 - ok
22:59:12.0445 3624 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:59:12.0476 3624 SamSs - ok
22:59:12.0508 3624 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:59:12.0554 3624 sbp2port - ok
22:59:12.0773 3624 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:59:12.0866 3624 SBSDWSCService - ok
22:59:12.0898 3624 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:59:12.0976 3624 SCardSvr - ok
22:59:12.0976 3624 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:59:13.0085 3624 scfilter - ok
22:59:13.0116 3624 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:59:13.0210 3624 Schedule - ok
22:59:13.0225 3624 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:59:13.0272 3624 SCPolicySvc - ok
22:59:13.0288 3624 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:59:13.0350 3624 SDRSVC - ok
22:59:13.0381 3624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:59:13.0444 3624 secdrv - ok
22:59:13.0444 3624 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:59:13.0522 3624 seclogon - ok
22:59:13.0537 3624 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
22:59:13.0600 3624 SENS - ok
22:59:13.0615 3624 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:59:13.0646 3624 SensrSvc - ok
22:59:13.0678 3624 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
22:59:13.0709 3624 Serenum - ok
22:59:13.0709 3624 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:59:13.0740 3624 Serial - ok
22:59:13.0740 3624 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:59:13.0771 3624 sermouse - ok
22:59:13.0802 3624 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:59:13.0896 3624 SessionEnv - ok
22:59:13.0912 3624 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:59:13.0927 3624 sffdisk - ok
22:59:13.0943 3624 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:59:13.0958 3624 sffp_mmc - ok
22:59:13.0974 3624 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:59:14.0036 3624 sffp_sd - ok
22:59:14.0052 3624 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:59:14.0068 3624 sfloppy - ok
22:59:14.0130 3624 SftService (6f36ee03af65de9aeb024809866d19b1) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:59:14.0270 3624 SftService - ok
22:59:14.0317 3624 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:59:14.0380 3624 SharedAccess - ok
22:59:14.0411 3624 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:59:14.0489 3624 ShellHWDetection - ok
22:59:14.0504 3624 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:59:14.0520 3624 SiSRaid2 - ok
22:59:14.0520 3624 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:59:14.0551 3624 SiSRaid4 - ok
22:59:14.0582 3624 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:59:14.0645 3624 Smb - ok
22:59:14.0692 3624 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:59:14.0723 3624 SNMPTRAP - ok
22:59:14.0738 3624 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:59:14.0754 3624 spldr - ok
22:59:14.0770 3624 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:59:14.0863 3624 Spooler - ok
22:59:14.0926 3624 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:59:15.0097 3624 sppsvc - ok
22:59:15.0113 3624 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:59:15.0160 3624 sppuinotify - ok
22:59:15.0191 3624 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:59:15.0284 3624 srv - ok
22:59:15.0300 3624 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:59:15.0378 3624 srv2 - ok
22:59:15.0409 3624 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:59:15.0472 3624 srvnet - ok
22:59:15.0596 3624 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:59:15.0659 3624 SSDPSRV - ok
22:59:15.0690 3624 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:59:15.0737 3624 SstpSvc - ok
22:59:15.0815 3624 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
22:59:15.0877 3624 STacSV - ok
22:59:15.0940 3624 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
22:59:15.0971 3624 stexstor - ok
22:59:16.0002 3624 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
22:59:16.0080 3624 STHDA - ok
22:59:16.0111 3624 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:59:16.0189 3624 stisvc - ok
22:59:16.0252 3624 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:59:16.0314 3624 stllssvr - ok
22:59:16.0376 3624 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:59:16.0392 3624 swenum - ok
22:59:16.0423 3624 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:59:16.0486 3624 swprv - ok
22:59:16.0532 3624 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:59:16.0657 3624 SysMain - ok
22:59:16.0673 3624 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:59:16.0735 3624 TabletInputService - ok
22:59:16.0766 3624 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:59:16.0844 3624 TapiSrv - ok
22:59:16.0860 3624 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:59:16.0907 3624 TBS - ok
22:59:17.0016 3624 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
22:59:17.0172 3624 Tcpip - ok
22:59:17.0203 3624 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
22:59:17.0250 3624 TCPIP6 - ok
22:59:17.0281 3624 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:59:17.0375 3624 tcpipreg - ok
22:59:17.0390 3624 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:59:17.0422 3624 TDPIPE - ok
22:59:17.0453 3624 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:59:17.0515 3624 TDTCP - ok
22:59:17.0531 3624 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:59:17.0640 3624 tdx - ok
22:59:17.0656 3624 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
22:59:17.0718 3624 TermDD - ok
22:59:17.0749 3624 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:59:17.0858 3624 TermService - ok
22:59:17.0858 3624 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:59:17.0890 3624 Themes - ok
22:59:17.0905 3624 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:59:17.0952 3624 THREADORDER - ok
22:59:17.0968 3624 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:59:18.0014 3624 TrkWks - ok
22:59:18.0046 3624 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:59:18.0155 3624 TrustedInstaller - ok
22:59:18.0170 3624 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:59:18.0264 3624 tssecsrv - ok
22:59:18.0280 3624 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:59:18.0358 3624 TsUsbFlt - ok
22:59:18.0373 3624 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
22:59:18.0436 3624 TsUsbGD - ok
22:59:18.0467 3624 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
22:59:18.0560 3624 tunnel - ok
22:59:18.0560 3624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
22:59:18.0592 3624 uagp35 - ok
22:59:18.0623 3624 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
22:59:18.0732 3624 udfs - ok
22:59:18.0748 3624 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:59:18.0779 3624 UI0Detect - ok
22:59:18.0794 3624 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
22:59:18.0810 3624 uliagpkx - ok
22:59:18.0826 3624 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
22:59:18.0904 3624 umbus - ok
22:59:18.0919 3624 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
22:59:18.0950 3624 UmPass - ok
22:59:19.0028 3624 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:59:19.0231 3624 UNS - ok
22:59:19.0262 3624 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:59:19.0340 3624 upnphost - ok
22:59:19.0356 3624 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
22:59:19.0450 3624 usbccgp - ok
22:59:19.0481 3624 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
22:59:19.0512 3624 usbcir - ok
22:59:19.0543 3624 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
22:59:19.0590 3624 usbehci - ok
22:59:19.0637 3624 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
22:59:19.0715 3624 usbhub - ok
22:59:19.0730 3624 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\drivers\usbohci.sys
22:59:19.0762 3624 usbohci - ok
22:59:19.0777 3624 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:59:19.0808 3624 usbprint - ok
22:59:19.0824 3624 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:59:19.0933 3624 USBSTOR - ok
22:59:19.0933 3624 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
22:59:19.0964 3624 usbuhci - ok
22:59:19.0996 3624 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
22:59:20.0058 3624 usbvideo - ok
22:59:20.0074 3624 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:59:20.0152 3624 UxSms - ok
22:59:20.0167 3624 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:59:20.0183 3624 VaultSvc - ok
22:59:20.0214 3624 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:59:20.0230 3624 vdrvroot - ok
22:59:20.0261 3624 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:59:20.0354 3624 vds - ok
22:59:20.0386 3624 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:59:20.0401 3624 vga - ok
22:59:20.0417 3624 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:59:20.0479 3624 VgaSave - ok
22:59:20.0479 3624 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:59:20.0542 3624 vhdmp - ok
22:59:20.0557 3624 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:59:20.0573 3624 viaide - ok
22:59:20.0588 3624 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:59:20.0651 3624 volmgr - ok
22:59:20.0666 3624 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:59:20.0744 3624 volmgrx - ok
22:59:20.0776 3624 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
22:59:20.0838 3624 volsnap - ok
22:59:20.0854 3624 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
22:59:20.0869 3624 vsmraid - ok
22:59:20.0916 3624 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:59:21.0088 3624 VSS - ok
22:59:21.0103 3624 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:59:21.0134 3624 vwifibus - ok
22:59:21.0166 3624 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:59:21.0197 3624 vwififlt - ok
22:59:21.0212 3624 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
22:59:21.0244 3624 vwifimp - ok
22:59:21.0290 3624 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:59:21.0353 3624 W32Time - ok
22:59:21.0368 3624 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
22:59:21.0400 3624 WacomPen - ok
22:59:21.0415 3624 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:59:21.0524 3624 WANARP - ok
22:59:21.0524 3624 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:59:21.0556 3624 Wanarpv6 - ok
22:59:21.0602 3624 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:59:21.0696 3624 wbengine - ok
22:59:21.0712 3624 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:59:21.0743 3624 WbioSrvc - ok
22:59:21.0758 3624 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:59:21.0821 3624 wcncsvc - ok
22:59:21.0836 3624 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:59:21.0899 3624 WcsPlugInService - ok
22:59:22.0008 3624 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
22:59:22.0039 3624 Wd - ok
22:59:22.0070 3624 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:59:22.0102 3624 Wdf01000 - ok
22:59:22.0117 3624 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:59:22.0195 3624 WdiServiceHost - ok
22:59:22.0211 3624 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:59:22.0226 3624 WdiSystemHost - ok
22:59:22.0242 3624 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:59:22.0304 3624 WebClient - ok
22:59:22.0320 3624 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:59:22.0398 3624 Wecsvc - ok
22:59:22.0414 3624 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:59:22.0460 3624 wercplsupport - ok
22:59:22.0476 3624 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:59:22.0538 3624 WerSvc - ok
22:59:22.0648 3624 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:59:22.0694 3624 WfpLwf - ok
22:59:22.0726 3624 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
22:59:22.0804 3624 WimFltr - ok
22:59:22.0819 3624 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:59:22.0835 3624 WIMMount - ok
22:59:22.0866 3624 WinDefend - ok
22:59:22.0882 3624 WinHttpAutoProxySvc - ok
22:59:22.0913 3624 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:59:22.0944 3624 Winmgmt - ok
22:59:23.0053 3624 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:59:23.0225 3624 WinRM - ok
22:59:23.0318 3624 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
22:59:23.0381 3624 WinUsb - ok
22:59:23.0459 3624 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:59:23.0506 3624 Wlansvc - ok
22:59:23.0584 3624 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:59:23.0646 3624 wlcrasvc - ok
22:59:23.0740 3624 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:59:23.0818 3624 wlidsvc - ok
22:59:23.0974 3624 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
22:59:23.0989 3624 WmiAcpi - ok
22:59:24.0036 3624 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:59:24.0083 3624 wmiApSrv - ok
22:59:24.0098 3624 WMPNetworkSvc - ok
22:59:24.0130 3624 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:59:24.0161 3624 WPCSvc - ok
22:59:24.0176 3624 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:59:24.0254 3624 WPDBusEnum - ok
22:59:24.0270 3624 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:59:24.0317 3624 ws2ifsl - ok
22:59:24.0332 3624 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
22:59:24.0364 3624 wscsvc - ok
22:59:24.0364 3624 WSearch - ok
22:59:24.0442 3624 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
22:59:24.0582 3624 wuauserv - ok
22:59:24.0613 3624 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:59:24.0691 3624 WudfPf - ok
22:59:24.0738 3624 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:59:24.0832 3624 WUDFRd - ok
22:59:24.0847 3624 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:59:24.0925 3624 wudfsvc - ok
22:59:24.0941 3624 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:59:25.0003 3624 WwanSvc - ok
22:59:25.0034 3624 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:59:25.0253 3624 \Device\Harddisk0\DR0 - ok
22:59:25.0253 3624 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
22:59:25.0253 3624 \Device\Harddisk0\DR0\Partition0 - ok
22:59:25.0300 3624 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
22:59:25.0300 3624 \Device\Harddisk0\DR0\Partition1 - ok
22:59:25.0300 3624 ============================================================
22:59:25.0300 3624 Scan finished
22:59:25.0300 3624 ============================================================
22:59:25.0300 1272 Detected object count: 2
22:59:25.0300 1272 Actual detected object count: 2
22:59:50.0228 1272 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:50.0228 1272 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:50.0228 1272 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:50.0228 1272 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
Best regards, Alex |
| | #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #21 |
| Here is the ComboFix log: Code:
ComboFix 12-04-06.03 - *** 06.04.2012 23:49:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4003.2768 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\RPSETUP.EXE.LOG
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-06 bis 2012-04-06 ))))))))))))))))))))))))))))))
.
.
2012-04-06 21:58 . 2012-04-06 21:58 -------- d-----w- c:\users\Lena.***-PC\AppData\Local\temp
2012-04-06 21:58 . 2012-04-06 21:58 -------- d-----w- c:\users\Kolja.***-PC\AppData\Local\temp
2012-04-06 21:58 . 2012-04-06 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 18:26 . 2012-04-06 18:26 -------- d-----w- C:\_OTL
2012-04-05 20:05 . 2012-04-05 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-05 20:04 . 2012-04-05 20:04 -------- d-----w- c:\program files (x86)\Java
2012-04-03 18:53 . 2012-04-03 18:53 -------- d-----w- c:\users\Kolja.***-PC\AppData\Local\LucasArts
2012-04-03 18:52 . 2008-03-05 14:03 479752 ----a-w- c:\windows\SysWow64\XAudio2_0.dll
2012-04-03 18:52 . 2008-03-05 14:00 25608 ----a-w- c:\windows\SysWow64\X3DAudio1_3.dll
2012-04-03 18:52 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\SysWow64\D3DX9_37.dll
2012-04-03 18:52 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\SysWow64\D3DCompiler_37.dll
2012-04-03 18:52 . 2008-02-05 21:07 462864 ----a-w- c:\windows\SysWow64\d3dx10_37.dll
2012-04-03 18:37 . 2012-04-03 18:37 -------- d-----w- c:\program files (x86)\LucasArts
2012-03-25 19:46 . 2012-03-25 19:46 -------- d-----w- c:\program files (x86)\ESET
2012-03-25 17:46 . 2012-03-25 17:46 -------- d-----w- c:\users\***\AppData\Local\ElevatedDiagnostics
2012-03-24 12:09 . 2012-03-24 12:09 -------- d-----w- c:\users\Lena.***-PC\AppData\Roaming\Malwarebytes
2012-03-24 09:25 . 2012-03-24 09:25 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-03-24 09:24 . 2012-03-24 09:24 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 09:24 . 2012-03-24 09:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 09:24 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 17:35 . 2012-03-20 17:41 -------- d-----w- c:\users\Lena.***-PC\AppData\Roaming\PersBackup5
2012-03-18 17:15 . 2012-03-18 17:15 -------- d-----w- c:\users\Lena.***-PC\AppData\Roaming\LSoft Technologies
2012-03-18 17:15 . 2012-03-18 17:15 -------- d-----w- c:\users\Lena.***-PC\AppData\Roaming\InstallShield Installation Information
2012-03-18 16:14 . 2012-03-18 16:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-18 16:14 . 2012-03-18 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-14 09:04 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:04 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:04 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:21 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:21 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:13 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:02 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:02 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:02 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:02 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:02 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:02 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:02 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 20:04 . 2011-07-25 07:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-25 39408]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lena.***-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [x]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-05-16 1688384]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 07:27]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 07:27]
.
2012-03-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-04-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.50.140.182 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-07 00:13:19
ComboFix-quarantined-files.txt 2012-04-06 22:13
.
Vor Suchlauf: 12 Verzeichnis(se), 411.386.277.888 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 410.772.844.544 Bytes frei
.
- - End Of File - - F4E46CB07B12EF6B5CC0209501F63782
Best regards, Alex |
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: Please switch off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm for it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #23 |
| Here is the log. Unfortunately the scan crashed, so I had to start it again in none mode. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-07 00:30:14
-----------------------------
00:30:14.728 OS Version: Windows x64 6.1.7601 Service Pack 1
00:30:14.728 Number of processors: 4 586 0x2A07
00:30:14.728 ComputerName: ***-PC UserName: ***
00:30:16.147 Initialize success
00:30:19.766 AVAST engine defs: 12040601
00:30:27.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:30:27.036 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
00:30:27.052 Disk 0 MBR read successfully
00:30:27.067 Disk 0 MBR scan
00:30:27.067 Disk 0 Windows 7 default MBR code
00:30:27.083 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
00:30:27.083 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
00:30:27.114 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
00:30:27.130 Disk 0 scanning C:\windows\system32\drivers
00:30:35.132 Service scanning
00:30:52.168 Modules scanning
00:30:52.183 Disk 0 trace - called modules:
00:30:52.199 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:30:52.714 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004732060]
00:30:52.714 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80040d5670]
00:30:52.729 5 ACPI.sys[fffff88000efc7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040d9050]
00:30:52.745 Scan finished successfully
00:31:04.258 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
00:31:04.258 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Alex |
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! |
| | #25 |
| Here are the logs. I had to run Malwarebytes in safe mode because it crashed. The antispy scan ran through without problems, though. Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.04.06.08
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
07.04.2012 00:52:51
mbam-log-2012-04-07 (00-52-51).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 471133
Laufzeit: 36 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/07/2012 at 11:26 AM
Application Version : 5.0.1146
Core Rules Database Version : 8424
Trace Rules Database Version: 6236
Scan type : Complete Scan
Total Scan Time : 01:57:10
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 710
Memory threats detected : 0
Registry items scanned : 67938
Registry threats detected : 0
File items scanned : 277804
File threats detected : 204
Adware.Tracking Cookie
alex |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Why, didn't normal mode work? |
| | #27 |
| Yes, normal mode does work, and now without the regular crashes too. At that point Malwarebytes crashed during the scan in normal mode, so I started the next run in safe mode. Was that a mistake? Best regards, Alex |
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie).
Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Apart from that, there are good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
If, however, you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.
My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.
Is your system back in order now, or are there any other findings or problems? |
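The check behind "only cookies were found", plus the hosts-file idea from the post above, as an added example that is not part of the original posts: it parses file findings in the SUPERAntiSpyware layout shown in this thread, confirms every finding sits under `Adware.Tracking Cookie`, and derives hosts-file entries. The sample lines, the `tracker.example` hostnames, the function names and the `0.0.0.0` sink address are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the SUPERAntiSpyware log in this thread:
# summary counters, a category line, then one line per finding.
SAMPLE_LOG = r"""File items scanned : 277804
File threats detected : 4
Adware.Tracking Cookie
C:\USERS\USER1\AppData\Roaming\Microsoft\Windows\Cookies\Low\AAAA1111.txt [ Cookie:user1@ads.tracker.example/ ]
C:\USERS\USER1\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBB2222.txt [ Cookie:user1@stats.tracker.example/click/ ]
C:\USERS\USER2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCCC3333.txt [ Cookie:user2@ads.tracker.example/ ]
E:\BACKUP\USERS\USER1\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\USER1@METRICS.EXAMPLE[1].TXT.GZ [ /METRICS.EXAMPLE ]
"""

COOKIE_CATEGORY = "Adware.Tracking Cookie"  # category name as it appears in the log

# "Some counter : 123"
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<val>\d+)$")
# "X:\path\file" optionally followed by "[ detail ]"
FINDING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\s+\[\s*(?P<tag>.+?)\s*\])?$")
# "Cookie:<user>@<host>/<path>"
COOKIE_HOST_RE = re.compile(r"^Cookie:[^@\s]+@(?P<host>[^/\s]+)")
# Strict hostname check: log content is untrusted input and must not be
# copied into a hosts file unvalidated.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


def parse_log(text):
    """Return (summary counters, [(category, path, tag), ...])."""
    summary, findings, category = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["key"].strip()] = int(m["val"])
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append((category, m["path"], m["tag"] or ""))
            continue
        # Any other line is a heading; the nearest one above a finding
        # is that finding's category.
        category = line
    return summary, findings


def triage(text):
    """Summarise the file findings and collect blockable cookie hosts."""
    summary, findings = parse_log(text)
    by_category = Counter(cat for cat, _, _ in findings)
    hosts, unresolved = set(), 0
    for cat, _, tag in findings:
        if cat != COOKIE_CATEGORY:
            continue
        m = COOKIE_HOST_RE.match(tag)
        host = m["host"].lower() if m else ""
        if HOSTNAME_RE.match(host):
            hosts.add(host)
        else:
            # e.g. backup copies tagged "[ /NAME ]": the name is truncated,
            # so no full hostname can be recovered from the log line.
            unresolved += 1
    reported = summary.get("File threats detected")
    return {
        "by_category": dict(by_category),
        "only_cookies": bool(findings) and set(by_category) == {COOKIE_CATEGORY},
        "reported": reported,
        # False means the parser missed lines or the log was truncated.
        "count_matches": reported == len(findings),
        "hosts": sorted(hosts),
        "unresolved": unresolved,
    }


def hosts_entries(hosts, sink="0.0.0.0"):
    """Format validated hostnames as hosts-file lines (sink is an assumption)."""
    return [f"{sink} {h}" for h in hosts]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("\n".join(hosts_entries(result["hosts"])))
```

A hosts entry only covers the exact hostname listed, so sibling subdomains of the same tracker need their own lines.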
| | #29 |
| Hello Arne, a thousand thanks for your comprehensive and quick help. Everything is running perfectly again now! I will follow your tips in future so that something like this doesn't happen to me again. Best regards, Alex |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages.
With OTL you can also remove many of the tools: please start OTL and click "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, you should also change as many passwords as possible after the infection has been removed.
Microsoft Update: Windows XP: visit the MS update site with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update
Update the PDF reader: An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
While you are at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update: Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it. |