Encryption Trojan (New) - What to do? (Windows 7)
So here is the log; it apparently didn't find anything, as far as I can tell. Code:
21:27:09.0495 4820 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:27:10.0056 4820 ============================================================
21:27:10.0056 4820 Current date / time: 2012/05/25 21:27:10.0056
21:27:10.0056 4820 SystemInfo:
21:27:10.0056 4820
21:27:10.0056 4820 OS Version: 6.1.7601 ServicePack: 1.0
21:27:10.0056 4820 Product type: Workstation
21:27:10.0056 4820 ComputerName: JULIAN-PC
21:27:10.0056 4820 UserName: Julian
21:27:10.0056 4820 Windows directory: C:\Windows
21:27:10.0056 4820 System windows directory: C:\Windows
21:27:10.0056 4820 Running under WOW64
21:27:10.0056 4820 Processor architecture: Intel x64
21:27:10.0056 4820 Number of processors: 8
21:27:10.0056 4820 Page size: 0x1000
21:27:10.0056 4820 Boot type: Normal boot
21:27:10.0056 4820 ============================================================
21:27:10.0805 4820 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:10.0821 4820 ============================================================
21:27:10.0821 4820 \Device\Harddisk0\DR0:
21:27:10.0821 4820 MBR partitions:
21:27:10.0821 4820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1F41B000
21:27:10.0852 4820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2261C000, BlocksNum 0x2823B800
21:27:10.0852 4820 ============================================================
21:27:10.0883 4820 C: <-> \Device\Harddisk0\DR0\Partition0
21:27:10.0914 4820 D: <-> \Device\Harddisk0\DR0\Partition1
21:27:10.0914 4820 ============================================================
21:27:10.0914 4820 Initialize success
21:27:10.0914 4820 ============================================================
21:27:44.0240 3140 ============================================================
21:27:44.0240 3140 Scan started
21:27:44.0240 3140 Mode: Manual; SigCheck; TDLFS;
21:27:44.0240 3140 ============================================================
21:27:44.0646 3140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:27:44.0786 3140 1394ohci - ok
21:27:44.0833 3140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:27:44.0880 3140 ACPI - ok
21:27:44.0911 3140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:27:45.0005 3140 AcpiPmi - ok
21:27:45.0145 3140 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:27:45.0176 3140 AdobeFlashPlayerUpdateSvc - ok
21:27:45.0254 3140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:27:45.0301 3140 adp94xx - ok
21:27:45.0364 3140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:27:45.0410 3140 adpahci - ok
21:27:45.0442 3140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:27:45.0473 3140 adpu320 - ok
21:27:45.0504 3140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:27:45.0697 3140 AeLookupSvc - ok
21:27:45.0785 3140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:27:45.0859 3140 AFD - ok
21:27:45.0900 3140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:27:45.0926 3140 agp440 - ok
21:27:45.0963 3140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:27:46.0039 3140 ALG - ok
21:27:46.0074 3140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:27:46.0098 3140 aliide - ok
21:27:46.0117 3140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:27:46.0141 3140 amdide - ok
21:27:46.0152 3140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:27:46.0219 3140 AmdK8 - ok
21:27:46.0258 3140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:27:46.0309 3140 AmdPPM - ok
21:27:46.0357 3140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:27:46.0386 3140 amdsata - ok
21:27:46.0451 3140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:27:46.0489 3140 amdsbs - ok
21:27:46.0522 3140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:27:46.0538 3140 amdxata - ok
21:27:46.0616 3140 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:27:46.0647 3140 AntiVirSchedulerService - ok
21:27:46.0663 3140 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:27:46.0694 3140 AntiVirService - ok
21:27:46.0725 3140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:27:46.0928 3140 AppID - ok
21:27:46.0975 3140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:27:47.0068 3140 AppIDSvc - ok
21:27:47.0162 3140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:27:47.0293 3140 Appinfo - ok
21:27:47.0328 3140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:27:47.0356 3140 arc - ok
21:27:47.0380 3140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:27:47.0408 3140 arcsas - ok
21:27:47.0465 3140 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:27:47.0510 3140 ASLDRService - ok
21:27:47.0529 3140 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:27:47.0547 3140 ASMMAP64 - ok
21:27:47.0640 3140 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:27:47.0664 3140 aspnet_state - ok
21:27:47.0690 3140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:47.0788 3140 AsyncMac - ok
21:27:47.0822 3140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:27:47.0846 3140 atapi - ok
21:27:48.0014 3140 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:27:48.0118 3140 athr - ok
21:27:48.0215 3140 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:27:48.0230 3140 ATKGFNEXSrv - ok
21:27:48.0293 3140 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:27:48.0308 3140 ATKWMIACPIIO - ok
21:27:48.0511 3140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:27:48.0636 3140 AudioEndpointBuilder - ok
21:27:48.0651 3140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:27:48.0761 3140 AudioSrv - ok
21:27:48.0823 3140 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:27:48.0854 3140 avgntflt - ok
21:27:48.0870 3140 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:27:48.0901 3140 avipbb - ok
21:27:48.0917 3140 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:27:48.0948 3140 avkmgr - ok
21:27:48.0995 3140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:27:49.0088 3140 AxInstSV - ok
21:27:49.0182 3140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:27:49.0244 3140 b06bdrv - ok
21:27:49.0307 3140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:27:49.0369 3140 b57nd60a - ok
21:27:49.0478 3140 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:27:49.0509 3140 BBSvc - ok
21:27:49.0555 3140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:27:49.0604 3140 BDESVC - ok
21:27:49.0632 3140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:27:49.0742 3140 Beep - ok
21:27:49.0839 3140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:27:49.0964 3140 BFE - ok
21:27:50.0071 3140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:27:50.0206 3140 BITS - ok
21:27:50.0261 3140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:27:50.0315 3140 blbdrive - ok
21:27:50.0364 3140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:27:50.0419 3140 bowser - ok
21:27:50.0448 3140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:27:50.0522 3140 BrFiltLo - ok
21:27:50.0543 3140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:27:50.0590 3140 BrFiltUp - ok
21:27:50.0636 3140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:27:50.0746 3140 Browser - ok
21:27:50.0824 3140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:27:50.0917 3140 Brserid - ok
21:27:50.0948 3140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:27:50.0980 3140 BrSerWdm - ok
21:27:51.0011 3140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:27:51.0058 3140 BrUsbMdm - ok
21:27:51.0089 3140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:27:51.0136 3140 BrUsbSer - ok
21:27:51.0245 3140 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:27:51.0323 3140 BthEnum - ok
21:27:51.0370 3140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:27:51.0416 3140 BTHMODEM - ok
21:27:51.0494 3140 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:27:51.0563 3140 BthPan - ok
21:27:51.0644 3140 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:27:51.0717 3140 BTHPORT - ok
21:27:51.0764 3140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:27:51.0867 3140 bthserv - ok
21:27:51.0893 3140 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:27:51.0939 3140 BTHUSB - ok
21:27:51.0975 3140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:27:52.0076 3140 cdfs - ok
21:27:52.0117 3140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:27:52.0157 3140 cdrom - ok
21:27:52.0205 3140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:27:52.0301 3140 CertPropSvc - ok
21:27:52.0340 3140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:27:52.0387 3140 circlass - ok
21:27:52.0459 3140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:27:52.0498 3140 CLFS - ok
21:27:52.0574 3140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:27:52.0605 3140 clr_optimization_v2.0.50727_32 - ok
21:27:52.0668 3140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:27:52.0683 3140 clr_optimization_v2.0.50727_64 - ok
21:27:52.0761 3140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:27:52.0792 3140 clr_optimization_v4.0.30319_32 - ok
21:27:52.0855 3140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:27:52.0870 3140 clr_optimization_v4.0.30319_64 - ok
21:27:52.0902 3140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:52.0948 3140 CmBatt - ok
21:27:52.0964 3140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:27:52.0995 3140 cmdide - ok
21:27:53.0073 3140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:27:53.0136 3140 CNG - ok
21:27:53.0229 3140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:27:53.0245 3140 Compbatt - ok
21:27:53.0276 3140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:27:53.0338 3140 CompositeBus - ok
21:27:53.0354 3140 COMSysApp - ok
21:27:53.0385 3140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:27:53.0416 3140 crcdisk - ok
21:27:53.0463 3140 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:27:53.0572 3140 CryptSvc - ok
21:27:53.0760 3140 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:27:53.0806 3140 cvhsvc - ok
21:27:53.0900 3140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:27:54.0009 3140 DcomLaunch - ok
21:27:54.0072 3140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:27:54.0181 3140 defragsvc - ok
21:27:54.0259 3140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:27:54.0352 3140 DfsC - ok
21:27:54.0430 3140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:27:54.0524 3140 Dhcp - ok
21:27:54.0555 3140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:27:54.0664 3140 discache - ok
21:27:54.0711 3140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:27:54.0742 3140 Disk - ok
21:27:54.0805 3140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:27:54.0883 3140 Dnscache - ok
21:27:54.0930 3140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:27:55.0054 3140 dot3svc - ok
21:27:55.0086 3140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:27:55.0195 3140 DPS - ok
21:27:55.0226 3140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:27:55.0288 3140 drmkaud - ok
21:27:55.0398 3140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:27:55.0460 3140 DXGKrnl - ok
21:27:55.0491 3140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:27:55.0585 3140 EapHost - ok
21:27:55.0935 3140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:27:56.0068 3140 ebdrv - ok
21:27:56.0192 3140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:27:56.0255 3140 EFS - ok
21:27:56.0379 3140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:27:56.0461 3140 ehRecvr - ok
21:27:56.0500 3140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:27:56.0562 3140 ehSched - ok
21:27:56.0751 3140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:27:56.0829 3140 elxstor - ok
21:27:56.0835 3140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:27:56.0880 3140 ErrDev - ok
21:27:56.0952 3140 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
21:27:56.0978 3140 ETD - ok
21:27:57.0036 3140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:27:57.0143 3140 EventSystem - ok
21:27:57.0196 3140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:27:57.0295 3140 exfat - ok
21:27:57.0334 3140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:27:57.0441 3140 fastfat - ok
21:27:57.0550 3140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:27:57.0626 3140 Fax - ok
21:27:57.0665 3140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:27:57.0704 3140 fdc - ok
21:27:57.0735 3140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:27:57.0842 3140 fdPHost - ok
21:27:57.0867 3140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:27:57.0961 3140 FDResPub - ok
21:27:57.0989 3140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:27:58.0016 3140 FileInfo - ok
21:27:58.0039 3140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:27:58.0145 3140 Filetrace - ok
21:27:58.0177 3140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:27:58.0215 3140 flpydisk - ok
21:27:58.0267 3140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:27:58.0303 3140 FltMgr - ok
21:27:58.0423 3140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:27:58.0514 3140 FontCache - ok
21:27:58.0587 3140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:27:58.0607 3140 FontCache3.0.0.0 - ok
21:27:58.0654 3140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:27:58.0685 3140 FsDepends - ok
21:27:58.0716 3140 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:27:58.0732 3140 fssfltr - ok
21:27:58.0934 3140 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:27:59.0028 3140 fsssvc - ok
21:27:59.0184 3140 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:27:59.0215 3140 Fs_Rec - ok
21:27:59.0324 3140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:27:59.0370 3140 fvevol - ok
21:27:59.0409 3140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:27:59.0436 3140 gagp30kx - ok
21:27:59.0549 3140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:27:59.0663 3140 gpsvc - ok
21:27:59.0700 3140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:27:59.0742 3140 hcw85cir - ok
21:27:59.0805 3140 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:27:59.0860 3140 HdAudAddService - ok
21:27:59.0904 3140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:27:59.0954 3140 HDAudBus - ok
21:27:59.0987 3140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:28:00.0029 3140 HidBatt - ok
21:28:00.0052 3140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:28:00.0095 3140 HidBth - ok
21:28:00.0139 3140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:28:00.0176 3140 HidIr - ok
21:28:00.0206 3140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:28:00.0301 3140 hidserv - ok
21:28:00.0343 3140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:28:00.0374 3140 HidUsb - ok
21:28:00.0421 3140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:28:00.0530 3140 hkmsvc - ok
21:28:00.0561 3140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:28:00.0623 3140 HomeGroupListener - ok
21:28:00.0670 3140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:28:00.0717 3140 HomeGroupProvider - ok
21:28:00.0764 3140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:28:00.0795 3140 HpSAMD - ok
21:28:00.0889 3140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:28:00.0998 3140 HTTP - ok
21:28:01.0029 3140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:28:01.0060 3140 hwpolicy - ok
21:28:01.0091 3140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:01.0123 3140 i8042prt - ok
21:28:01.0201 3140 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
21:28:01.0247 3140 iaStor - ok
21:28:01.0310 3140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:28:01.0357 3140 iaStorV - ok
21:28:01.0497 3140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:28:01.0559 3140 idsvc - ok
21:28:02.0792 3140 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:28:03.0385 3140 igfx - ok
21:28:03.0541 3140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:28:03.0572 3140 iirsp - ok
21:28:03.0681 3140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:28:03.0790 3140 IKEEXT - ok
21:28:04.0118 3140 IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\Windows\system32\drivers\RTKVHD64.sys
21:28:04.0243 3140 IntcAzAudAddService - ok
21:28:04.0399 3140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:28:04.0414 3140 intelide - ok
21:28:04.0445 3140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:28:04.0492 3140 intelppm - ok
21:28:04.0539 3140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:28:04.0648 3140 IPBusEnum - ok
21:28:04.0664 3140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:04.0757 3140 IpFilterDriver - ok
21:28:04.0867 3140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:28:04.0991 3140 iphlpsvc - ok
21:28:05.0023 3140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:28:05.0054 3140 IPMIDRV - ok
21:28:05.0069 3140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:28:05.0163 3140 IPNAT - ok
21:28:05.0210 3140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:28:05.0257 3140 IRENUM - ok
21:28:05.0288 3140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:28:05.0303 3140 isapnp - ok
21:28:05.0366 3140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:28:05.0397 3140 iScsiPrt - ok
21:28:05.0444 3140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:05.0459 3140 kbdclass - ok
21:28:05.0491 3140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:28:05.0537 3140 kbdhid - ok
21:28:05.0584 3140 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:28:05.0600 3140 kbfiltr - ok
21:28:05.0631 3140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:05.0662 3140 KeyIso - ok
21:28:05.0678 3140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:28:05.0709 3140 KSecDD - ok
21:28:05.0740 3140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:28:05.0771 3140 KSecPkg - ok
21:28:05.0803 3140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:28:05.0881 3140 ksthunk - ok
21:28:05.0943 3140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:28:06.0068 3140 KtmRm - ok
21:28:06.0099 3140 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:28:06.0130 3140 L1C - ok
21:28:06.0177 3140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:28:06.0271 3140 LanmanServer - ok
21:28:06.0317 3140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:28:06.0411 3140 LanmanWorkstation - ok
21:28:06.0458 3140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:28:06.0567 3140 lltdio - ok
21:28:06.0614 3140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:28:06.0739 3140 lltdsvc - ok
21:28:06.0770 3140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:28:06.0848 3140 lmhosts - ok
21:28:07.0004 3140 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:28:07.0035 3140 LMS - ok
21:28:07.0082 3140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:28:07.0113 3140 LSI_FC - ok
21:28:07.0144 3140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:28:07.0175 3140 LSI_SAS - ok
21:28:07.0222 3140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:28:07.0238 3140 LSI_SAS2 - ok
21:28:07.0269 3140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:28:07.0300 3140 LSI_SCSI - ok
21:28:07.0331 3140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:28:07.0425 3140 luafv - ok
21:28:07.0487 3140 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:28:07.0503 3140 MBAMProtector - ok
21:28:07.0597 3140 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:28:07.0643 3140 MBAMService - ok
21:28:07.0675 3140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:28:07.0706 3140 Mcx2Svc - ok
21:28:07.0737 3140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:28:07.0768 3140 megasas - ok
21:28:07.0799 3140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:28:07.0831 3140 MegaSR - ok
21:28:07.0877 3140 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
21:28:07.0909 3140 MEIx64 - ok
21:28:07.0940 3140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:28:08.0065 3140 MMCSS - ok
21:28:08.0065 3140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:28:08.0174 3140 Modem - ok
21:28:08.0205 3140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:28:08.0252 3140 monitor - ok
21:28:08.0299 3140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:28:08.0314 3140 mouclass - ok
21:28:08.0361 3140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:28:08.0408 3140 mouhid - ok
21:28:08.0439 3140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:28:08.0455 3140 mountmgr - ok
21:28:08.0533 3140 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:28:08.0564 3140 MozillaMaintenance - ok
21:28:08.0595 3140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:28:08.0626 3140 mpio - ok
21:28:08.0657 3140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:28:08.0751 3140 mpsdrv - ok
21:28:08.0860 3140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:28:08.0985 3140 MpsSvc - ok
21:28:09.0016 3140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:28:09.0079 3140 MRxDAV - ok
21:28:09.0125 3140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:09.0188 3140 mrxsmb - ok
21:28:09.0235 3140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:09.0281 3140 mrxsmb10 - ok
21:28:09.0328 3140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:09.0391 3140 mrxsmb20 - ok
21:28:09.0422 3140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:28:09.0448 3140 msahci - ok
21:28:09.0474 3140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:28:09.0505 3140 msdsm - ok
21:28:09.0546 3140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:28:09.0599 3140 MSDTC - ok
21:28:09.0644 3140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:28:09.0747 3140 Msfs - ok
21:28:09.0768 3140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:28:09.0872 3140 mshidkmdf - ok
21:28:09.0890 3140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:28:09.0915 3140 msisadrv - ok
21:28:09.0964 3140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:28:10.0080 3140 MSiSCSI - ok
21:28:10.0086 3140 msiserver - ok
21:28:10.0126 3140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:28:10.0213 3140 MSKSSRV - ok
21:28:10.0219 3140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:10.0307 3140 MSPCLOCK - ok
21:28:10.0314 3140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:28:10.0405 3140 MSPQM - ok
21:28:10.0457 3140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:28:10.0498 3140 MsRPC - ok
21:28:10.0522 3140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:28:10.0546 3140 mssmbios - ok
21:28:10.0580 3140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:28:10.0681 3140 MSTEE - ok
21:28:10.0729 3140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:28:10.0778 3140 MTConfig - ok
21:28:10.0837 3140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:28:10.0863 3140 Mup - ok
21:28:10.0954 3140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:28:11.0042 3140 napagent - ok
21:28:11.0120 3140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:28:11.0182 3140 NativeWifiP - ok
21:28:11.0307 3140 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
21:28:11.0370 3140 NDIS - ok
21:28:11.0401 3140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:11.0494 3140 NdisCap - ok
21:28:11.0526 3140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:11.0619 3140 NdisTapi - ok
21:28:11.0650 3140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:11.0760 3140 Ndisuio - ok
21:28:11.0775 3140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:11.0869 3140 NdisWan - ok
21:28:11.0900 3140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:28:12.0025 3140 NDProxy - ok
21:28:12.0040 3140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:28:12.0150 3140 NetBIOS - ok
21:28:12.0212 3140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:28:12.0306 3140 NetBT - ok
21:28:12.0337 3140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:12.0368 3140 Netlogon - ok
21:28:12.0430 3140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:28:12.0540 3140 Netman - ok
21:28:12.0664 3140 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:12.0680 3140 NetMsmqActivator - ok
21:28:12.0696 3140 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:12.0711 3140 NetPipeActivator - ok
21:28:12.0789 3140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:28:12.0914 3140 netprofm - ok
21:28:13.0086 3140 netr28x (f1814e62eb6e50472afc9903525ecec1) C:\Windows\system32\DRIVERS\netr28x.sys
21:28:13.0132 3140 netr28x - ok
21:28:13.0242 3140 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:13.0257 3140 NetTcpActivator - ok
21:28:13.0273 3140 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:13.0288 3140 NetTcpPortSharing - ok
21:28:13.0429 3140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:28:13.0460 3140 nfrd960 - ok
21:28:13.0507 3140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:28:13.0616 3140 NlaSvc - ok
21:28:13.0647 3140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:28:13.0725 3140 Npfs - ok
21:28:13.0756 3140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:28:13.0850 3140 nsi - ok
21:28:13.0881 3140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:28:13.0975 3140 nsiproxy - ok
21:28:14.0162 3140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:28:14.0256 3140 Ntfs - ok
21:28:14.0396 3140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:28:14.0505 3140 Null - ok
21:28:15.0909 3140 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:28:16.0471 3140 nvlddmkm - ok
21:28:16.0658 3140 nvpciflt (6856261c915dd080dbadae9d6b788d85) C:\Windows\system32\DRIVERS\nvpciflt.sys
21:28:16.0674 3140 nvpciflt - ok
21:28:16.0736 3140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:28:16.0767 3140 nvraid - ok
21:28:16.0798 3140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:28:16.0830 3140 nvstor - ok
21:28:16.0954 3140 NVSvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
21:28:17.0001 3140 NVSvc - ok
21:28:17.0313 3140 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:28:17.0438 3140 nvUpdatusService - ok
21:28:17.0610 3140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:28:17.0641 3140 nv_agp - ok
21:28:17.0656 3140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:28:17.0688 3140 ohci1394 - ok
21:28:17.0781 3140 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:17.0797 3140 ose - ok
21:28:18.0358 3140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:28:18.0670 3140 osppsvc - ok
21:28:18.0826 3140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:28:18.0889 3140 p2pimsvc - ok
21:28:18.0951 3140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:28:18.0998 3140 p2psvc - ok
21:28:19.0060 3140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:28:19.0107 3140 Parport - ok
21:28:19.0138 3140 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:28:19.0154 3140 partmgr - ok
21:28:19.0201 3140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:28:19.0263 3140 PcaSvc - ok
21:28:19.0326 3140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:28:19.0357 3140 pci - ok
21:28:19.0372 3140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:28:19.0404 3140 pciide - ok
21:28:19.0435 3140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:28:19.0466 3140 pcmcia - ok
21:28:19.0482 3140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:28:19.0513 3140 pcw - ok
21:28:19.0575 3140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:28:19.0700 3140 PEAUTH - ok
21:28:19.0794 3140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:28:19.0840 3140 PerfHost - ok
21:28:20.0028 3140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:28:20.0168 3140 pla - ok
21:28:20.0246 3140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:28:20.0308 3140 PlugPlay - ok
21:28:20.0355 3140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:28:20.0418 3140 PNRPAutoReg - ok
21:28:20.0480 3140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:28:20.0511 3140 PNRPsvc - ok
21:28:20.0589 3140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:28:20.0698 3140 PolicyAgent - ok
21:28:20.0745 3140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:28:20.0854 3140 Power - ok
21:28:20.0932 3140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:28:21.0026 3140 PptpMiniport - ok
21:28:21.0042 3140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:28:21.0073 3140 Processor - ok
21:28:21.0135 3140 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:28:21.0244 3140 ProfSvc - ok
21:28:21.0276 3140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:21.0307 3140 ProtectedStorage - ok
21:28:21.0354 3140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:28:21.0447 3140 Psched - ok
21:28:21.0619 3140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:28:21.0712 3140 ql2300 - ok
21:28:21.0868 3140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:28:21.0900 3140 ql40xx - ok
21:28:21.0962 3140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:28:22.0009 3140 QWAVE - ok
21:28:22.0024 3140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:28:22.0087 3140 QWAVEdrv - ok
21:28:22.0102 3140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:28:22.0196 3140 RasAcd - ok
21:28:22.0274 3140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:28:22.0383 3140 RasAgileVpn - ok
21:28:22.0430 3140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:28:22.0539 3140 RasAuto - ok
21:28:22.0586 3140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:22.0680 3140 Rasl2tp - ok
21:28:22.0742 3140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:28:22.0836 3140 RasMan - ok
21:28:22.0898 3140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:22.0976 3140 RasPppoe - ok
21:28:23.0007 3140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:28:23.0116 3140 RasSstp - ok
21:28:23.0163 3140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:28:23.0257 3140 rdbss - ok
21:28:23.0288 3140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:28:23.0335 3140 rdpbus - ok
21:28:23.0350 3140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:23.0444 3140 RDPCDD - ok
21:28:23.0460 3140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:28:23.0553 3140 RDPENCDD - ok
21:28:23.0584 3140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:28:23.0678 3140 RDPREFMP - ok
21:28:23.0725 3140 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:28:23.0787 3140 RDPWD - ok
21:28:23.0850 3140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:28:23.0881 3140 rdyboost - ok
21:28:23.0912 3140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:28:24.0006 3140 RemoteAccess - ok
21:28:24.0068 3140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:28:24.0162 3140 RemoteRegistry - ok
21:28:24.0208 3140 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:28:24.0255 3140 RFCOMM - ok
21:28:24.0286 3140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:28:24.0380 3140 RpcEptMapper - ok
21:28:24.0411 3140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:28:24.0458 3140 RpcLocator - ok
21:28:24.0520 3140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:28:24.0630 3140 RpcSs - ok
21:28:24.0676 3140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:28:24.0770 3140 rspndr - ok
21:28:24.0801 3140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:24.0817 3140 SamSs - ok
21:28:24.0848 3140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:28:24.0879 3140 sbp2port - ok
21:28:24.0910 3140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:28:25.0004 3140 SCardSvr - ok
21:28:25.0035 3140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:28:25.0144 3140 scfilter - ok
21:28:25.0269 3140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:28:25.0410 3140 Schedule - ok
21:28:25.0441 3140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:28:25.0534 3140 SCPolicySvc - ok
21:28:25.0581 3140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:28:25.0628 3140 SDRSVC - ok
21:28:25.0737 3140 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:28:25.0768 3140 SeaPort - ok
21:28:25.0831 3140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:28:25.0940 3140 secdrv - ok
21:28:25.0971 3140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:28:26.0065 3140 seclogon - ok
21:28:26.0096 3140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:28:26.0205 3140 SENS - ok
21:28:26.0236 3140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:28:26.0299 3140 SensrSvc - ok
21:28:26.0314 3140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:28:26.0346 3140 Serenum - ok
21:28:26.0392 3140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:28:26.0424 3140 Serial - ok
21:28:26.0439 3140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:28:26.0486 3140 sermouse - ok
21:28:26.0517 3140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:28:26.0626 3140 SessionEnv - ok
21:28:26.0642 3140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:28:26.0689 3140 sffdisk - ok
21:28:26.0704 3140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:28:26.0751 3140 sffp_mmc - ok
21:28:26.0767 3140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:28:26.0814 3140 sffp_sd - ok
21:28:26.0845 3140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:28:26.0892 3140 sfloppy - ok
21:28:26.0985 3140 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:28:27.0032 3140 Sftfs - ok
21:28:27.0141 3140 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:28:27.0172 3140 sftlist - ok
21:28:27.0235 3140 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:28:27.0266 3140 Sftplay - ok
21:28:27.0282 3140 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:28:27.0297 3140 Sftredir - ok
21:28:27.0328 3140 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:28:27.0344 3140 Sftvol - ok
21:28:27.0406 3140 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:28:27.0438 3140 sftvsa - ok
21:28:27.0500 3140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:28:27.0609 3140 SharedAccess - ok
21:28:27.0672 3140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:28:27.0781 3140 ShellHWDetection - ok
21:28:27.0812 3140 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
21:28:27.0859 3140 SiSGbeLH - ok
21:28:27.0890 3140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:28:27.0906 3140 SiSRaid2 - ok
21:28:27.0937 3140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:28:27.0952 3140 SiSRaid4 - ok
21:28:27.0999 3140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:28:28.0093 3140 Smb - ok
21:28:28.0124 3140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:28:28.0171 3140 SNMPTRAP - ok
21:28:28.0202 3140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:28:28.0218 3140 spldr - ok
21:28:28.0311 3140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:28:28.0420 3140 Spooler - ok
21:28:28.0764 3140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:28:28.0982 3140 sppsvc - ok
21:28:29.0169 3140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:28:29.0263 3140 sppuinotify - ok
21:28:29.0356 3140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:28:29.0434 3140 srv - ok
21:28:29.0481 3140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:28:29.0528 3140 srv2 - ok
21:28:29.0559 3140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:28:29.0606 3140 srvnet - ok
21:28:29.0668 3140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:28:29.0762 3140 SSDPSRV - ok
21:28:29.0793 3140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:28:29.0902 3140 SstpSvc - ok
21:28:29.0934 3140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:28:29.0949 3140 stexstor - ok
21:28:30.0058 3140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:28:30.0121 3140 stisvc - ok
21:28:30.0152 3140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:28:30.0168 3140 swenum - ok
21:28:30.0246 3140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:28:30.0370 3140 swprv - ok
21:28:30.0558 3140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:28:30.0651 3140 SysMain - ok
21:28:30.0792 3140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:28:30.0838 3140 TabletInputService - ok
21:28:30.0885 3140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:28:30.0979 3140 TapiSrv - ok
21:28:31.0010 3140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:28:31.0104 3140 TBS - ok
21:28:31.0353 3140 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:28:31.0462 3140 Tcpip - ok
21:28:31.0806 3140 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:28:31.0899 3140 TCPIP6 - ok
21:28:32.0071 3140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:28:32.0164 3140 tcpipreg - ok
21:28:32.0211 3140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:28:32.0242 3140 TDPIPE - ok
21:28:32.0258 3140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:28:32.0289 3140 TDTCP - ok
21:28:32.0336 3140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:28:32.0430 3140 tdx - ok
21:28:32.0445 3140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:28:32.0461 3140 TermDD - ok
21:28:32.0554 3140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:28:32.0664 3140 TermService - ok
21:28:32.0679 3140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:28:32.0726 3140 Themes - ok
21:28:32.0757 3140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:28:32.0851 3140 THREADORDER - ok
21:28:32.0882 3140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:28:32.0976 3140 TrkWks - ok
21:28:33.0038 3140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:28:33.0147 3140 TrustedInstaller - ok
21:28:33.0163 3140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:33.0241 3140 tssecsrv - ok
21:28:33.0288 3140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:28:33.0334 3140 TsUsbFlt - ok
21:28:33.0366 3140 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:28:33.0397 3140 TsUsbGD - ok
21:28:33.0444 3140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:28:33.0537 3140 tunnel - ok
21:28:33.0568 3140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:28:33.0600 3140 uagp35 - ok
21:28:33.0631 3140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:28:33.0756 3140 udfs - ok
21:28:33.0787 3140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:28:33.0849 3140 UI0Detect - ok
21:28:33.0880 3140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:28:33.0896 3140 uliagpkx - ok
21:28:33.0943 3140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:28:33.0974 3140 umbus - ok
21:28:34.0005 3140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:28:34.0052 3140 UmPass - ok
21:28:34.0364 3140 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:28:34.0504 3140 UNS - ok
21:28:34.0660 3140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:28:34.0770 3140 upnphost - ok
21:28:34.0848 3140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:28:34.0910 3140 usbccgp - ok
21:28:34.0957 3140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:28:35.0004 3140 usbcir - ok
21:28:35.0050 3140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:28:35.0097 3140 usbehci - ok
21:28:35.0175 3140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:28:35.0222 3140 usbhub - ok
21:28:35.0253 3140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:28:35.0269 3140 usbohci - ok
21:28:35.0316 3140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:28:35.0347 3140 usbprint - ok
21:28:35.0378 3140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:28:35.0425 3140 USBSTOR - ok
21:28:35.0472 3140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:28:35.0503 3140 usbuhci - ok
21:28:35.0565 3140 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:28:35.0612 3140 usbvideo - ok
21:28:35.0643 3140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:28:35.0721 3140 UxSms - ok
21:28:35.0752 3140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:35.0784 3140 VaultSvc - ok
21:28:35.0799 3140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:28:35.0830 3140 vdrvroot - ok
21:28:35.0908 3140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:28:36.0018 3140 vds - ok
21:28:36.0064 3140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:36.0096 3140 vga - ok
21:28:36.0111 3140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:28:36.0189 3140 VgaSave - ok
21:28:36.0236 3140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:28:36.0267 3140 vhdmp - ok
21:28:36.0283 3140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:28:36.0314 3140 viaide - ok
21:28:36.0361 3140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:28:36.0376 3140 volmgr - ok
21:28:36.0439 3140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:28:36.0470 3140 volmgrx - ok
21:28:36.0501 3140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:28:36.0532 3140 volsnap - ok
21:28:36.0595 3140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:28:36.0626 3140 vsmraid - ok
21:28:36.0813 3140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:28:36.0954 3140 VSS - ok
21:28:37.0125 3140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:28:37.0172 3140 vwifibus - ok
21:28:37.0203 3140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:28:37.0250 3140 vwififlt - ok
21:28:37.0281 3140 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:28:37.0328 3140 vwifimp - ok
21:28:37.0406 3140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:28:37.0515 3140 W32Time - ok
21:28:37.0546 3140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:28:37.0578 3140 WacomPen - ok
21:28:37.0624 3140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:28:37.0718 3140 WANARP - ok
21:28:37.0734 3140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:28:37.0827 3140 Wanarpv6 - ok
21:28:37.0999 3140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:28:38.0092 3140 wbengine - ok
21:28:38.0248 3140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:28:38.0295 3140 WbioSrvc - ok
21:28:38.0358 3140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:28:38.0436 3140 wcncsvc - ok
21:28:38.0467 3140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:28:38.0529 3140 WcsPlugInService - ok
21:28:38.0576 3140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:28:38.0607 3140 Wd - ok
21:28:38.0685 3140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:28:38.0748 3140 Wdf01000 - ok
21:28:38.0763 3140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:28:38.0872 3140 WdiServiceHost - ok
21:28:38.0872 3140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:28:38.0919 3140 WdiSystemHost - ok
21:28:38.0982 3140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:28:39.0028 3140 WebClient - ok
21:28:39.0060 3140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:28:39.0169 3140 Wecsvc - ok
21:28:39.0200 3140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:28:39.0309 3140 wercplsupport - ok
21:28:39.0340 3140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:28:39.0450 3140 WerSvc - ok
21:28:39.0512 3140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:39.0606 3140 WfpLwf - ok
21:28:39.0621 3140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:28:39.0652 3140 WIMMount - ok
21:28:39.0699 3140 WinDefend - ok
21:28:39.0715 3140 WinHttpAutoProxySvc - ok
21:28:39.0793 3140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:28:39.0902 3140 Winmgmt - ok
21:28:40.0136 3140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:28:40.0292 3140 WinRM - ok
21:28:40.0526 3140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:28:40.0604 3140 Wlansvc - ok
21:28:40.0682 3140 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:28:40.0713 3140 wlcrasvc - ok
21:28:40.0994 3140 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:28:41.0119 3140 wlidsvc - ok
21:28:41.0290 3140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:28:41.0322 3140 WmiAcpi - ok
21:28:41.0400 3140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:28:41.0446 3140 wmiApSrv - ok
21:28:41.0493 3140 WMPNetworkSvc - ok
21:28:41.0524 3140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:28:41.0571 3140 WPCSvc - ok
21:28:41.0602 3140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:28:41.0634 3140 WPDBusEnum - ok
21:28:41.0665 3140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:28:41.0774 3140 ws2ifsl - ok
21:28:41.0805 3140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:28:41.0868 3140 wscsvc - ok
21:28:41.0868 3140 WSearch - ok
21:28:42.0117 3140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:28:42.0304 3140 wuauserv - ok
21:28:42.0476 3140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:28:42.0570 3140 WudfPf - ok
21:28:42.0616 3140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:42.0726 3140 WUDFRd - ok
21:28:42.0757 3140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:28:42.0850 3140 wudfsvc - ok
21:28:42.0882 3140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:28:42.0944 3140 WwanSvc - ok
21:28:42.0975 3140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:28:43.0490 3140 \Device\Harddisk0\DR0 - ok
21:28:43.0521 3140 Boot (0x1200) (125fac85c95d2be1c3f423bae6f72dc4) \Device\Harddisk0\DR0\Partition0
21:28:43.0521 3140 \Device\Harddisk0\DR0\Partition0 - ok
21:28:43.0537 3140 Boot (0x1200) (9c481b074696cb00d8ed33c983b1a3b2) \Device\Harddisk0\DR0\Partition1
21:28:43.0552 3140 \Device\Harddisk0\DR0\Partition1 - ok
21:28:43.0552 3140 ============================================================
21:28:43.0552 3140 Scan finished
21:28:43.0552 3140 ============================================================
21:28:43.0568 4160 Detected object count: 0
21:28:43.0568 4160 Actual detected object count: 0
Julian
| | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Then please run CF now:

ComboFix: A guide and tutorial on using ComboFix

Combofix may only be run if a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:

| | #3 |
So, here is the ComboFix log, but I forgot to turn off Windows Defender; is another run necessary?

Well, here is the log: Combofix Logfile: Code:
ComboFix 12-05-26.02 - Julian 26.05.2012 22:25:13.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8104.6400 [GMT 2:00]
ausgeführt von:: c:\users\Julian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-26 bis 2012-05-26 ))))))))))))))))))))))))))))))
.
.
2012-05-26 20:34 . 2012-05-26 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 20:32 . 2012-05-26 20:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C0C0DE-0703-4E39-8E70-36C653084330}\offreg.dll
2012-05-25 18:23 . 2012-05-25 18:23 -------- d-----w- c:\programdata\VirtualizedApplications
2012-05-25 16:17 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C0C0DE-0703-4E39-8E70-36C653084330}\mpengine.dll
2012-05-22 19:07 . 2012-05-22 19:25 -------- d-----w- C:\_OTL
2012-05-22 18:52 . 2012-05-23 19:22 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-05-18 11:29 . 2012-05-18 11:29 -------- d-----w- c:\program files (x86)\ESET
2012-05-17 22:16 . 2012-05-17 22:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-17 22:16 . 2012-05-17 22:16 -------- d-----w- c:\programdata\Malwarebytes
2012-05-17 22:16 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-16 12:11 . 2012-05-16 12:11 -------- d-----w- c:\program files\Microsoft SQL Server
2012-05-16 12:11 . 2012-05-16 12:11 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-05-16 12:11 . 2012-05-16 12:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-05-16 12:10 . 2012-05-16 12:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-05-16 12:10 . 2012-05-16 12:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-05-16 11:45 . 2012-05-16 11:45 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-05-16 11:45 . 2012-05-16 11:45 -------- d-----w- c:\windows\system32\1031
2012-05-16 11:45 . 2012-05-16 11:45 -------- d-----w- c:\windows\symbols
2012-05-16 11:45 . 2012-05-16 12:11 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-05-16 11:45 . 2012-05-16 11:45 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-05-16 11:45 . 2012-05-16 11:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-05-15 21:45 . 2012-05-16 11:50 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-13 22:59 . 2012-05-13 22:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-13 15:46 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-13 15:46 . 2012-04-18 11:49 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-13 15:46 . 2012-05-13 15:46 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-05-13 15:46 . 2012-05-13 15:46 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-05-13 13:36 . 2012-05-13 13:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-13 13:35 . 2012-05-13 13:35 -------- d-----w- c:\program files (x86)\Oracle
2012-05-13 13:35 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-13 13:35 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-13 13:34 . 2012-05-13 13:34 -------- d-----w- c:\program files (x86)\Java
2012-05-10 20:33 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-05-10 20:33 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-05-10 20:33 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-05-10 20:33 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-05-10 20:33 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-05-10 20:33 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-10 20:33 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-05-10 20:33 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-05-10 20:33 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-05-10 20:33 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-05-10 20:33 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-05-10 20:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-10 20:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-10 20:31 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-10 20:31 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-10 20:31 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-10 20:31 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-10 20:29 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-05-10 20:28 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-05-10 20:27 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:27 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 20:27 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 20:27 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:27 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:27 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-10 20:27 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-10 20:27 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-10 20:27 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-10 20:26 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-05-10 20:26 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-10 20:26 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-10 20:26 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-05-10 20:26 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-05-10 20:26 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-05-10 20:26 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-10 20:26 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-05-10 20:26 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-05-10 20:24 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-05-10 20:24 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-05-10 12:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 12:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 12:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 12:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 12:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-10 12:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-10 12:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-09 22:36 . 2012-05-09 22:37 -------- d-----w- c:\program files\Paint.NET
2012-05-09 21:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-09 21:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-09 21:08 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-09 21:08 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-09 21:07 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-09 21:07 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-09 21:07 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-05-09 21:07 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-05-09 21:07 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-05-09 21:07 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-05-09 21:07 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-09 21:07 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-09 21:07 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-09 21:07 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-09 21:07 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-09 21:07 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-09 21:06 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:06 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-09 21:06 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-09 21:04 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-09 21:04 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-09 20:07 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-09 20:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-09 20:07 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 20:07 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-09 20:07 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-09 20:07 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-09 20:07 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-09 12:23 . 2012-05-13 23:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-13 23:05 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-09 12:23 . 2012-05-09 12:23 -------- d-----w- c:\windows\system32\Macromed
2012-05-09 02:19 . 2012-05-09 02:19 -------- d-----w- c:\programdata\Intel
2012-05-08 21:25 . 2012-05-08 21:25 -------- d-----w- c:\program files (x86)\VideoLAN
2012-05-08 21:23 . 2012-05-15 22:56 -------- d-----w- c:\users\UpdatusUser
2012-05-08 21:20 . 2012-05-08 21:20 -------- d-----w- C:\NVIDIA
2012-05-08 20:04 . 2012-05-08 21:34 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:04 . 2012-05-08 21:34 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 20:04 . 2011-12-15 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-08 20:04 . 2012-05-08 20:04 -------- d-----w- c:\programdata\Avira
2012-05-08 20:04 . 2012-05-08 20:04 -------- d-----w- c:\program files (x86)\Avira
2012-05-08 19:24 . 2012-05-08 19:24 -------- d-----w- c:\programdata\ASUS
2012-05-08 18:47 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 18:29 . 2012-05-08 18:37 -------- d-----w- c:\program files (x86)\ICQ7.7
2012-05-08 18:20 . 2012-05-25 16:12 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-08 18:14 . 2006-10-09 17:07 183296 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2012-05-08 18:13 . 2010-08-03 13:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 18:20 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 23:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\qtxrj9rw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-26 22:40:55
ComboFix-quarantined-files.txt 2012-05-26 20:40
.
Vor Suchlauf: 13 Verzeichnis(se), 205.107.552.256 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 206.544.936.960 Bytes frei
.
- - End Of File - - C946C156A14D33058641ED8613FA8D0F
Thank you for the great help. Best regards, Julian |
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan (New) - What to do? Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #5 |
| Encryption Trojan (New) - What to do? Good afternoon. I was just about to run the scan, but the program aborts after a few minutes and an error message appears saying that avast! Antirootkit is not working. Then I have the option to click Debug or Close program. Attached is another screenshot of the aswMBR window. Best regards, Julian |
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan (New) - What to do? Because that happens quite often, I posted a note about aswMBR below.
__________________ --> Encryption Trojan (New) - What to do? |
| | #7 |
| Encryption Trojan (New) - What to do? OK, it worked now; here is the log: Code:
ATTFilter [aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 15:22:46
-----------------------------
15:22:46.432 OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:46.432 Number of processors: 8 586 0x2A07
15:22:46.432 ComputerName: JULIAN-PC UserName: Julian
15:22:50.017 Initialize success
15:47:32.567 AVAST engine defs: 12053100
15:47:39.471 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:47:39.471 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
15:47:39.502 Disk 0 MBR read successfully
15:47:39.502 Disk 0 MBR scan
15:47:39.518 Disk 0 Windows 7 default MBR code
15:47:39.533 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
15:47:39.549 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 256054 MB offset 52430848
15:47:39.565 Disk 0 Partition - 00 0F Extended LBA 328824 MB offset 576829440
15:47:39.596 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 328823 MB offset 576831488
15:47:39.627 Disk 0 scanning C:\Windows\system32\drivers
15:47:55.731 Service scanning
15:48:35.050 Modules scanning
15:48:35.070 Disk 0 trace - called modules:
15:48:35.408
15:48:35.421 Scan finished successfully
15:57:42.104 Disk 0 MBR has been saved successfully to "C:\Users\Julian\Downloads\MBR.dat"
15:57:42.121 The log file has been saved successfully to "C:\Users\Julian\Downloads\aswMBR.txt"
Thanks for the help. Best regards |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan (New) - What to do? Looks OK. We should be almost done (apart from the decryption). As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #9 |
| Encryption Trojan (New) - What to do? OK, both have finished. First the Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.31.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Julian :: JULIAN-PC [Administrator]
Schutz: Deaktiviert
31.05.2012 17:25:48
mbam-log-2012-05-31 (17-25-48).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357592
Laufzeit: 1 Stunde(n), 9 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/31/2012 at 08:53 PM
Application Version : 5.0.1150
Core Rules Database Version : 8662
Trace Rules Database Version: 6474
Scan type : Complete Scan
Total Scan Time : 01:44:20
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 623
Memory threats detected : 0
Registry items scanned : 69138
Registry threats detected : 0
File items scanned : 168282
File threats detected : 330
Adware.Tracking Cookie
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\julian@apmebf[2].txt [ /apmebf ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\YLLQNB1F.txt [ /webmasterplan.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\IMLI9D7O.txt [ /ad.adserver01.de ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\C84G7PK9.txt [ /ad.zanox.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\R23SCIKH.txt [ /adfarm1.adition.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\XS6A6186.txt [ /serving-sys.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\H151ABA0.txt [ /doubleclick.net ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\AJBFDRXK.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\LBCT6RC8.txt [ /imrworldwide.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\66KRLBWC.txt [ /zanox.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\B9VTUHND.txt [ /track.adform.net ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\BI7W50K7.txt [ /tracking.quisma.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\PYYZNURM.txt [ /atdmt.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\85XUTLE5.txt [ /adform.net ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\6JOF03XE.txt [ /ad3.adfarm1.adition.com ]
C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Cookies\E724SVAZ.txt [ /ad1.adfarm1.adition.com ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@clickfuse[1].txt [ Cookie:julian@clickfuse.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@apmebf[1].txt [ Cookie:julian@apmebf.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@mediaplex[1].txt [ Cookie:julian@mediaplex.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@ad.yieldmanager[1].txt [ Cookie:julian@ad.yieldmanager.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@revsci[2].txt [ Cookie:julian@revsci.net/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@yadro[2].txt [ Cookie:julian@yadro.ru/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@atdmt[2].txt [ Cookie:julian@atdmt.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@c.atdmt[2].txt [ Cookie:julian@c.atdmt.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@amazon-adsystem[1].txt [ Cookie:julian@amazon-adsystem.com/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@fastclick[2].txt [ Cookie:julian@fastclick.net/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@adx.chip[1].txt [ Cookie:julian@adx.chip.de/ ]
C:\USERS\JULIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\julian@eas.apm.emediate[2].txt [ Cookie:julian@eas.apm.emediate.eu/ ]
C:\USERS\JULIAN\Cookies\YLLQNB1F.txt [ Cookie:julian@webmasterplan.com/ ]
C:\USERS\JULIAN\Cookies\IMLI9D7O.txt [ Cookie:julian@ad.adserver01.de/ ]
C:\USERS\JULIAN\Cookies\C84G7PK9.txt [ Cookie:julian@ad.zanox.com/ ]
C:\USERS\JULIAN\Cookies\julian@apmebf[2].txt [ Cookie:julian@apmebf.com/ ]
C:\USERS\JULIAN\Cookies\AJBFDRXK.txt [ Cookie:julian@ad2.adfarm1.adition.com/ ]
C:\USERS\JULIAN\Cookies\66KRLBWC.txt [ Cookie:julian@zanox.com/ ]
C:\USERS\JULIAN\Cookies\BI7W50K7.txt [ Cookie:julian@tracking.quisma.com/ ]
C:\USERS\JULIAN\Cookies\PYYZNURM.txt [ Cookie:julian@atdmt.com/ ]
C:\USERS\JULIAN\Cookies\85XUTLE5.txt [ Cookie:julian@adform.net/ ]
C:\USERS\JULIAN\Cookies\6JOF03XE.txt [ Cookie:julian@ad3.adfarm1.adition.com/ ]
C:\USERS\JULIAN\Cookies\E724SVAZ.txt [ Cookie:julian@ad1.adfarm1.adition.com/ ]
.doubleclick.net [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
and kind regards |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan (New) - What to do? Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. Apart from that there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I do it is that for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
| | #11 |
| Encryption Trojan (New) - What to do? Well, the problems I noticed have been gone for a while, but what about the decryption now? Otherwise everything is still fine, well, except for the bluescreen. Kind regards, and many, many thanks that the virus is gone |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan (New) - What to do? Note the hints above. There are now 8 tools, you will have to try them out. Apart from that, we would be done. Please do not remove anything from quarantine yet; the malicious files, folders etc. that we deleted are still kept as backup copies in various folders such as Qoobox or _OTL/MovedFiles - they may still be needed for a decryption. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for this is below. To keep a better overview of whether the installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security you should also change all passwords, if possible, after the infection has been removed. Microsoft Update: Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Windows Update guide. Update the PDF reader: An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update: Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
| | #13 |
| Encryption Trojan (New) - What to do? So I have now tried all the decryption programs, but unfortunately none of them works. I took a song from the USB stick that is 9.2 MB in size and looked for the same file with 9.2 MB in the encrypted music folder, but no program works with it. I think I have the new version of the Trojan; the files now all have such strange names like 'aFnajsNsjNsk'. Is there still any prospect that the files can be decrypted? Many thanks and kind regards |
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan (New) - What to do? If there is a solution for it, it is listed above in the hints. Undoing an encryption is something different from "just" removing malware. Nobody will be able to tell you exactly when your data can be decrypted, except perhaps one. It may be that you have a newer variant whose encryption algorithm is still unknown. Something like that cannot be decrypted, and certainly not without a key - which is only logical, otherwise it would not be proper encryption. Just look in here again at regular intervals and note the hints above. 8 tools together with hundreds of discussion posts are already listed there. Decryption attempts on the encrypted files are to be applied only to additional copies of the encrypted files, otherwise you hack them up even further without still having the "original" encrypted file. You certainly don't want that. And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html
__________________ Please always post log files in CODE tags |
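The two steps discussed in posts #13 and #14 (pairing an intact file with its encrypted counterpart by size, and running decryption attempts only on additional copies), as an added example that is not part of the original thread. All function and directory names are hypothetical, the sample files are constructed, and matching by identical byte size is an assumption taken from the poster's own approach.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large media files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_size_matches(clean_dir: Path, encrypted_dir: Path) -> dict:
    """Map each intact reference file to encrypted candidates of equal size.

    File names are ignored because the encrypted files were renamed.
    Candidates that are byte-identical to the reference are skipped:
    they were never encrypted and are useless as a pair.
    """
    by_size = {}
    for enc in sorted(p for p in encrypted_dir.rglob("*") if p.is_file()):
        by_size.setdefault(enc.stat().st_size, []).append(enc)

    matches = {}
    for clean in sorted(p for p in clean_dir.rglob("*") if p.is_file()):
        same_size = by_size.get(clean.stat().st_size, [])
        if not same_size:
            continue
        clean_digest = sha256_of(clean)
        candidates = [c for c in same_size if sha256_of(c) != clean_digest]
        if candidates:
            matches[clean] = candidates
    return matches


def stage_copies(matches: dict, work_dir: Path) -> list:
    """Copy every pair into work_dir and verify each copy against its source.

    Decryption tools are then pointed at work_dir only; the originals in
    the encrypted folder and in quarantine are never opened for writing.
    """
    manifest = []
    for n, (clean, candidates) in enumerate(sorted(matches.items()), start=1):
        pair_dir = work_dir / f"pair_{n:04d}"
        pair_dir.mkdir(parents=True, exist_ok=False)
        sources = [("reference", clean)]
        sources += [(f"encrypted_{i:02d}", c) for i, c in enumerate(candidates, 1)]
        for role, src in sources:
            dst = pair_dir / f"{role}__{src.name}"
            shutil.copy2(src, dst)
            digest = sha256_of(src)
            if sha256_of(dst) != digest:
                raise IOError(f"copy of {src} does not match its source")
            manifest.append(
                {"role": role, "source": src, "copy": dst, "sha256": digest}
            )
    return manifest


def demo():
    """Build constructed sample folders and stage the one usable pair."""
    root = Path(tempfile.mkdtemp(prefix="staging_demo_"))
    clean_dir = root / "usb_stick"
    enc_dir = root / "music_encrypted"
    clean_dir.mkdir()
    enc_dir.mkdir()

    song = bytes(range(256)) * 40  # constructed 10240-byte stand-in for a song
    (clean_dir / "song.mp3").write_bytes(song)
    # Constructed stand-ins: same size but different content (renamed file),
    # a file of another size, and an untouched duplicate of the reference.
    (enc_dir / "aFnajsNsjNsk").write_bytes(song[::-1])
    (enc_dir / "qLmZxTrWop").write_bytes(b"\x00" * 4096)
    (enc_dir / "song_copy.mp3").write_bytes(song)

    matches = find_size_matches(clean_dir, enc_dir)
    manifest = stage_copies(matches, root / "work")
    return matches, manifest, enc_dir


if __name__ == "__main__":
    _, staged, _ = demo()
    for entry in staged:
        print(entry["role"], entry["copy"], entry["sha256"][:16])
```

The recorded SHA-256 values also let you confirm after each tool run that the originals outside the work folder are unchanged.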
| | #15 |
| Encryption Trojan (New) - What to do? Well, I guess I will set up my PC from scratch again, the files are gone anyway... I will then also do the backups. Thank you very much that at least the virus is gone. Kind regards, Julian |