Log analysis and evaluation: Encryption trojan caught! Opened e-mail attachment! | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.06.2012, 20:05 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ |

Yes, and junk was removed as well.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
25.06.2012, 20:37 | #17 |
Code:
21:34:53.0790 3892 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:34:53.0870 3892 ============================================================
21:34:53.0870 3892 Current date / time: 2012/06/25 21:34:53.0870
21:34:53.0870 3892 SystemInfo:
21:34:53.0870 3892
21:34:53.0870 3892 OS Version: 6.1.7601 ServicePack: 1.0
21:34:53.0870 3892 Product type: Workstation
21:34:53.0870 3892 ComputerName: STEPHAN-PC
21:34:53.0870 3892 UserName: Stephan
21:34:53.0870 3892 Windows directory: C:\Windows
21:34:53.0870 3892 System windows directory: C:\Windows
21:34:53.0870 3892 Running under WOW64
21:34:53.0870 3892 Processor architecture: Intel x64
21:34:53.0870 3892 Number of processors: 4
21:34:53.0870 3892 Page size: 0x1000
21:34:53.0870 3892 Boot type: Normal boot
21:34:53.0870 3892 ============================================================
21:34:54.0650 3892 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:54.0650 3892 ============================================================
21:34:54.0650 3892 \Device\Harddisk0\DR0:
21:34:54.0650 3892 MBR partitions:
21:34:54.0650 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B479000
21:34:54.0670 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x1B47983F, BlocksNum 0x1D4AD42
21:34:54.0670 3892 ============================================================
21:34:54.0720 3892 C: <-> \Device\Harddisk0\DR0\Partition0
21:34:54.0750 3892 D: <-> \Device\Harddisk0\DR0\Partition1
21:34:54.0750 3892 ============================================================
21:34:54.0750 3892 Initialize success
21:34:54.0750 3892 ============================================================
21:35:49.0560 2200 ============================================================
21:35:49.0560 2200 Scan started
21:35:49.0560 2200 Mode: Manual; SigCheck; TDLFS;
21:36:12.0610 2200 pla - ok 21:36:12.0690 2200 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:36:12.0740 2200 PlugPlay - ok 21:36:12.0750 2200 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:36:12.0780 2200 PNRPAutoReg - ok 21:36:12.0810 2200 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:36:12.0830 2200 PNRPsvc - ok 21:36:12.0880 2200 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:36:12.0920 2200 PolicyAgent - ok 21:36:12.0960 2200 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:36:13.0010 2200 Power - ok 21:36:13.0080 2200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:36:13.0150 2200 PptpMiniport - ok 21:36:13.0180 2200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 21:36:13.0210 2200 Processor - ok 21:36:13.0250 2200 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 21:36:13.0310 2200 ProfSvc - ok 21:36:13.0330 2200 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:36:13.0340 2200 ProtectedStorage - ok 21:36:13.0390 2200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:36:13.0420 2200 Psched - ok 21:36:13.0510 2200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 21:36:13.0570 2200 ql2300 - ok 21:36:13.0720 2200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 21:36:13.0740 2200 ql40xx - ok 21:36:13.0860 2200 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:36:13.0890 2200 QWAVE - ok 21:36:13.0910 2200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:36:13.0940 2200 QWAVEdrv - ok 21:36:13.0960 2200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:36:14.0010 2200 RasAcd - 
ok 21:36:14.0070 2200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:36:14.0130 2200 RasAgileVpn - ok 21:36:14.0150 2200 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:36:14.0210 2200 RasAuto - ok 21:36:14.0250 2200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:36:14.0310 2200 Rasl2tp - ok 21:36:14.0360 2200 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:36:14.0420 2200 RasMan - ok 21:36:14.0440 2200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:36:14.0490 2200 RasPppoe - ok 21:36:14.0520 2200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:36:14.0570 2200 RasSstp - ok 21:36:14.0610 2200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:36:14.0660 2200 rdbss - ok 21:36:14.0670 2200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 21:36:14.0700 2200 rdpbus - ok 21:36:14.0720 2200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:36:14.0770 2200 RDPCDD - ok 21:36:14.0810 2200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:36:14.0860 2200 RDPENCDD - ok 21:36:14.0880 2200 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:36:14.0910 2200 RDPREFMP - ok 21:36:14.0950 2200 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 21:36:15.0000 2200 RDPWD - ok 21:36:15.0020 2200 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:36:15.0040 2200 rdyboost - ok 21:36:15.0080 2200 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:36:15.0140 2200 RemoteAccess - ok 21:36:15.0170 2200 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:36:15.0240 2200 RemoteRegistry 
- ok 21:36:15.0260 2200 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:36:15.0310 2200 RpcEptMapper - ok 21:36:15.0340 2200 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:36:15.0370 2200 RpcLocator - ok 21:36:15.0410 2200 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:36:15.0440 2200 RpcSs - ok 21:36:15.0470 2200 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:36:15.0530 2200 rspndr - ok 21:36:15.0620 2200 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys 21:36:15.0640 2200 RTCore64 - ok 21:36:15.0690 2200 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:36:15.0720 2200 RTL8167 - ok 21:36:15.0740 2200 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:36:15.0750 2200 SamSs - ok 21:36:15.0770 2200 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:36:15.0780 2200 sbp2port - ok 21:36:15.0820 2200 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:36:15.0860 2200 SCardSvr - ok 21:36:15.0900 2200 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:36:15.0950 2200 scfilter - ok 21:36:16.0030 2200 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 21:36:16.0090 2200 Schedule - ok 21:36:16.0120 2200 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:36:16.0150 2200 SCPolicySvc - ok 21:36:16.0170 2200 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 21:36:16.0220 2200 SDRSVC - ok 21:36:16.0300 2200 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:36:16.0330 2200 secdrv - ok 21:36:16.0340 2200 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 21:36:16.0380 2200 seclogon - ok 21:36:16.0410 2200 
SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 21:36:16.0460 2200 SENS - ok 21:36:16.0510 2200 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:36:16.0550 2200 SensrSvc - ok 21:36:16.0560 2200 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:36:16.0590 2200 Serenum - ok 21:36:16.0640 2200 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:36:16.0660 2200 Serial - ok 21:36:16.0700 2200 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 21:36:16.0730 2200 sermouse - ok 21:36:16.0770 2200 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 21:36:16.0840 2200 SessionEnv - ok 21:36:16.0860 2200 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:36:16.0880 2200 sffdisk - ok 21:36:16.0920 2200 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:36:16.0980 2200 sffp_mmc - ok 21:36:17.0070 2200 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:36:17.0130 2200 sffp_sd - ok 21:36:17.0150 2200 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 21:36:17.0180 2200 sfloppy - ok 21:36:17.0230 2200 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:36:17.0290 2200 SharedAccess - ok 21:36:17.0340 2200 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 21:36:17.0410 2200 ShellHWDetection - ok 21:36:17.0430 2200 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 21:36:17.0450 2200 SiSRaid2 - ok 21:36:17.0470 2200 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 21:36:17.0480 2200 SiSRaid4 - ok 21:36:17.0530 2200 skfiltv (01acb9228c303de1fff82b807d28b2b0) C:\Windows\system32\drivers\skfiltv.sys 21:36:17.0580 2200 skfiltv - ok 
21:36:17.0670 2200 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 21:36:17.0690 2200 SkypeUpdate - ok 21:36:17.0730 2200 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:36:17.0780 2200 Smb - ok 21:36:17.0820 2200 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:36:17.0850 2200 SNMPTRAP - ok 21:36:17.0950 2200 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys 21:36:17.0970 2200 speedfan - ok 21:36:17.0980 2200 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:36:17.0990 2200 spldr - ok 21:36:18.0020 2200 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 21:36:18.0070 2200 Spooler - ok 21:36:18.0250 2200 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 21:36:18.0340 2200 sppsvc - ok 21:36:18.0440 2200 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:36:18.0490 2200 sppuinotify - ok 21:36:18.0570 2200 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:36:18.0610 2200 srv - ok 21:36:18.0650 2200 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:36:18.0690 2200 srv2 - ok 21:36:18.0730 2200 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:36:18.0760 2200 srvnet - ok 21:36:18.0820 2200 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:36:18.0880 2200 SSDPSRV - ok 21:36:18.0910 2200 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:36:18.0960 2200 SstpSvc - ok 21:36:19.0010 2200 Steam Client Service - ok 21:36:19.0090 2200 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:36:19.0110 2200 Stereo Service - ok 21:36:19.0140 2200 stexstor (f3817967ed533d08327dc73bc4d5542a) 
C:\Windows\system32\drivers\stexstor.sys 21:36:19.0150 2200 stexstor - ok 21:36:19.0220 2200 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 21:36:19.0270 2200 stisvc - ok 21:36:19.0290 2200 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 21:36:19.0310 2200 swenum - ok 21:36:19.0350 2200 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:36:19.0420 2200 swprv - ok 21:36:19.0520 2200 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:36:19.0580 2200 SysMain - ok 21:36:19.0680 2200 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:36:19.0720 2200 TabletInputService - ok 21:36:19.0750 2200 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:36:19.0830 2200 TapiSrv - ok 21:36:19.0860 2200 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:36:19.0910 2200 TBS - ok 21:36:20.0050 2200 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 21:36:20.0110 2200 Tcpip - ok 21:36:20.0280 2200 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 21:36:20.0320 2200 TCPIP6 - ok 21:36:20.0390 2200 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:36:20.0440 2200 tcpipreg - ok 21:36:20.0450 2200 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:36:20.0500 2200 TDPIPE - ok 21:36:20.0520 2200 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 21:36:20.0550 2200 TDTCP - ok 21:36:20.0570 2200 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:36:20.0620 2200 tdx - ok 21:36:20.0870 2200 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 21:36:20.0920 2200 TeamViewer7 - ok 21:36:21.0070 2200 TermDD (561e7e1f06895d78de991e01dd0fb6e5) 
C:\Windows\system32\DRIVERS\termdd.sys 21:36:21.0080 2200 TermDD - ok 21:36:21.0150 2200 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:36:21.0220 2200 TermService - ok 21:36:21.0240 2200 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:36:21.0270 2200 Themes - ok 21:36:21.0310 2200 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:36:21.0340 2200 THREADORDER - ok 21:36:21.0360 2200 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:36:21.0400 2200 TrkWks - ok 21:36:21.0470 2200 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:36:21.0520 2200 TrustedInstaller - ok 21:36:21.0540 2200 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:36:21.0560 2200 tssecsrv - ok 21:36:21.0580 2200 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:36:21.0610 2200 TsUsbFlt - ok 21:36:21.0660 2200 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 21:36:21.0680 2200 TsUsbGD - ok 21:36:21.0720 2200 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:36:21.0790 2200 tunnel - ok 21:36:21.0810 2200 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 21:36:21.0820 2200 uagp35 - ok 21:36:21.0840 2200 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:36:21.0910 2200 udfs - ok 21:36:21.0940 2200 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:36:21.0970 2200 UI0Detect - ok 21:36:22.0000 2200 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:36:22.0010 2200 uliagpkx - ok 21:36:22.0030 2200 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:36:22.0060 2200 umbus - ok 21:36:22.0090 2200 UmPass (b2e8e8cb557b156da5493bbddcc1474d) 
C:\Windows\system32\drivers\umpass.sys 21:36:22.0120 2200 UmPass - ok 21:36:22.0180 2200 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:36:22.0250 2200 upnphost - ok 21:36:22.0290 2200 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 21:36:22.0320 2200 usbaudio - ok 21:36:22.0380 2200 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:36:22.0430 2200 usbccgp - ok 21:36:22.0440 2200 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:36:22.0470 2200 usbcir - ok 21:36:22.0510 2200 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 21:36:22.0540 2200 usbehci - ok 21:36:22.0590 2200 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:36:22.0640 2200 usbhub - ok 21:36:22.0660 2200 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 21:36:22.0690 2200 usbohci - ok 21:36:22.0740 2200 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:36:22.0770 2200 usbprint - ok 21:36:22.0800 2200 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:36:22.0860 2200 USBSTOR - ok 21:36:22.0880 2200 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:36:22.0910 2200 usbuhci - ok 21:36:22.0940 2200 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:36:22.0990 2200 UxSms - ok 21:36:23.0010 2200 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:36:23.0030 2200 VaultSvc - ok 21:36:23.0060 2200 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:36:23.0070 2200 vdrvroot - ok 21:36:23.0110 2200 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:36:23.0170 2200 vds - ok 21:36:23.0190 2200 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 
21:36:23.0220 2200 vga - ok 21:36:23.0240 2200 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:36:23.0300 2200 VgaSave - ok 21:36:23.0320 2200 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:36:23.0340 2200 vhdmp - ok 21:36:23.0350 2200 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:36:23.0360 2200 viaide - ok 21:36:23.0370 2200 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:36:23.0380 2200 volmgr - ok 21:36:23.0410 2200 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:36:23.0420 2200 volmgrx - ok 21:36:23.0440 2200 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:36:23.0450 2200 volsnap - ok 21:36:23.0480 2200 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 21:36:23.0490 2200 vsmraid - ok 21:36:23.0600 2200 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:36:23.0670 2200 VSS - ok 21:36:23.0830 2200 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:36:23.0860 2200 vwifibus - ok 21:36:23.0910 2200 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:36:23.0970 2200 W32Time - ok 21:36:23.0990 2200 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 21:36:24.0020 2200 WacomPen - ok 21:36:24.0040 2200 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:36:24.0100 2200 WANARP - ok 21:36:24.0120 2200 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:36:24.0150 2200 Wanarpv6 - ok 21:36:24.0240 2200 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:36:24.0290 2200 WatAdminSvc - ok 21:36:24.0390 2200 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:36:24.0470 2200 wbengine - 
ok 21:36:24.0570 2200 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:36:24.0620 2200 WbioSrvc - ok 21:36:24.0650 2200 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 21:36:24.0700 2200 wcncsvc - ok 21:36:24.0730 2200 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:36:24.0770 2200 WcsPlugInService - ok 21:36:24.0840 2200 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 21:36:24.0850 2200 Wd - ok 21:36:24.0900 2200 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:36:24.0920 2200 Wdf01000 - ok 21:36:24.0940 2200 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:36:25.0020 2200 WdiServiceHost - ok 21:36:25.0020 2200 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:36:25.0030 2200 WdiSystemHost - ok 21:36:25.0080 2200 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:36:25.0120 2200 WebClient - ok 21:36:25.0150 2200 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:36:25.0200 2200 Wecsvc - ok 21:36:25.0220 2200 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:36:25.0270 2200 wercplsupport - ok 21:36:25.0300 2200 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:36:25.0340 2200 WerSvc - ok 21:36:25.0400 2200 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:36:25.0450 2200 WfpLwf - ok 21:36:25.0470 2200 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:36:25.0480 2200 WIMMount - ok 21:36:25.0530 2200 WinDefend - ok 21:36:25.0530 2200 WinHttpAutoProxySvc - ok 21:36:25.0620 2200 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:36:25.0670 2200 Winmgmt - ok 21:36:25.0790 2200 WinRM (bcb1310604aa415c4508708975b3931e) 
C:\Windows\system32\WsmSvc.dll 21:36:25.0870 2200 WinRM - ok 21:36:26.0040 2200 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:36:26.0110 2200 Wlansvc - ok 21:36:26.0190 2200 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:36:26.0220 2200 WmiAcpi - ok 21:36:26.0300 2200 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:36:26.0340 2200 wmiApSrv - ok 21:36:26.0410 2200 WMPNetworkSvc - ok 21:36:26.0450 2200 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:36:26.0470 2200 WPCSvc - ok 21:36:26.0490 2200 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:36:26.0560 2200 WPDBusEnum - ok 21:36:26.0590 2200 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:36:26.0650 2200 ws2ifsl - ok 21:36:26.0680 2200 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 21:36:26.0710 2200 wscsvc - ok 21:36:26.0710 2200 WSearch - ok 21:36:26.0850 2200 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 21:36:26.0920 2200 wuauserv - ok 21:36:27.0070 2200 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:36:27.0130 2200 WudfPf - ok 21:36:27.0160 2200 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:36:27.0230 2200 WUDFRd - ok 21:36:27.0270 2200 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:36:27.0320 2200 wudfsvc - ok 21:36:27.0350 2200 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:36:27.0390 2200 WwanSvc - ok 21:36:27.0460 2200 ZSMC301b (99217bd11bee7f21e873f6e39b93aafd) C:\Windows\system32\Drivers\usbVM31b.sys 21:36:27.0500 2200 ZSMC301b - ok 21:36:27.0540 2200 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:36:27.0870 2200 \Device\Harddisk0\DR0 - ok 21:36:27.0880 2200 Boot (0x1200) 
(c4e2d48dff16468ae0f916e103dc6d70) \Device\Harddisk0\DR0\Partition0 21:36:27.0880 2200 \Device\Harddisk0\DR0\Partition0 - ok 21:36:27.0890 2200 Boot (0x1200) (7ec47e7439e93fa00d8e4bb2f60a5199) \Device\Harddisk0\DR0\Partition1 21:36:27.0890 2200 \Device\Harddisk0\DR0\Partition1 - ok 21:36:27.0890 2200 ============================================================ 21:36:27.0890 2200 Scan finished 21:36:27.0890 2200 ============================================================ 21:36:27.0900 2924 Detected object count: 0 21:36:27.0900 2924 Actual detected object count: 0 |
26.06.2012, 08:37 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Then please run CF now:
__________________ ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ |
26.06.2012, 15:17 | #19 |
| Caught an encryption trojan! Opened an e-mail attachment! Code:
ATTFilter ComboFix 12-06-26.01 - Stephan 26.06.2012 16:00:44.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8162.6291 [GMT 2:00] ausgeführt von:: c:\users\Stephan\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin315.exe.lnk c:\users\Stephan\AppData\Local\assembly\tmp c:\users\Stephan\AppData\Local\Temp\{3C8A4649-A37C-4942-A685-AA75EA29BB73}\fpb.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-26 bis 2012-06-26 )))))))))))))))))))))))))))))) . . 2012-06-26 14:05 . 2012-06-26 14:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-26 13:56 . 2012-06-26 13:56 -------- d-----w- c:\users\TEMP 2012-06-25 17:35 . 2012-06-25 17:35 -------- d-----w- C:\_OTL 2012-06-21 16:52 . 2012-06-21 16:52 -------- d-----w- c:\program files (x86)\ESET 2012-06-21 13:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 13:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 13:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 13:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 13:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 13:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 13:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 13:58 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 13:58 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 17:56 . 
2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 17:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 17:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 17:56 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 17:56 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 17:56 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 17:56 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 17:56 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 13:56 . 2012-06-13 13:56 -------- d-----w- c:\program files (x86)\7-Zip . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-16 11:36 . 2012-04-04 06:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-16 11:36 . 2011-08-30 20:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-08 18:26 . 2011-10-16 06:24 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 18:26 . 2011-10-16 06:24 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-04 19:51 . 2012-04-16 12:51 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 13:56 . 2011-11-06 08:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-09 23:59 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VM_STI"="c:\windows\VM_STI.exe" [2004-06-09 40960] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x] R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x] R3 Ph6xIB64;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 
AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - RTCORE64 *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:36] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2464019588-1876532964-1267720530-1001Core.job - c:\users\Stephan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 19:03] . 
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2464019588-1876532964-1267720530-1001UA.job - c:\users\Stephan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 19:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\Windows Media Player\wmplayer.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-26 16:10:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-26 14:10 . Vor Suchlauf: 15 Verzeichnis(se), 90.144.440.320 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 95.449.890.816 Bytes frei . - - End Of File - - CD567E049BF78B93E893429E6ACBA8F6 |
26.06.2012, 15:42 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
26.06.2012, 17:09 | #21 |
| Caught an encryption trojan! Opened an e-mail attachment! Done. GMER: the log is empty, no findings at all. Done. OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:56:25 on 26.06.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-2464019588-1876532964-1267720530-1001Core.job" - "Google Inc." - C:\Users\Stephan\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-2464019588-1876532964-1267720530-1001UA.job" - "Google Inc." - C:\Users\Stephan\AppData\Local\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AMD Function Driver for HD Audio Service" (AtiHDAudioService) - "Advanced Micro Devices" - C:\Windows\System32\drivers\AtihdW76.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x64.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MSICDSetup" (MSICDSetup) - ? - E:\CDriver64.sys (File not found) "MSI_MSIBIOS_010507" (MSI_MSIBIOS_010507) - ? 
- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (File not found) "NTIOLib_1_0_4" (NTIOLib_1_0_4) - ? - C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (File not found) "NTIOLib_1_0_C" (NTIOLib_1_0_C) - ? - E:\NTIOLib_X64.sys (File not found) "speedfan" (speedfan) - "Almico Software" - C:\Windows\SysWOW64\speedfan.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? 
- C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - ? - C:\Windows\system32\drivers\aspnet_state.sys (File not found) "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-26 17:58:24 ----------------------------- 17:58:24.918 OS Version: Windows x64 6.1.7601 Service Pack 1 17:58:24.918 Number of processors: 4 586 0x2A07 17:58:24.918 ComputerName: STEPHAN-PC UserName: Stephan 17:58:25.791 Initialize success 18:00:16.224 AVAST engine defs: 12062600 18:00:27.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 18:00:27.472 Disk 0 Vendor: WDC_WD2500AAJS-00B4A0 01.03A01 Size: 238475MB BusType: 3 18:00:27.487 Disk 0 MBR read successfully 18:00:27.503 Disk 0 MBR scan 18:00:27.503 Disk 0 Windows 7 default MBR code 18:00:27.519 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 223474 MB offset 2048 18:00:27.519 Disk 0 Partition - 00 0F Extended LBA 14997 MB offset 457676800 18:00:27.550 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 14997 MB offset 457676863 18:00:27.597 Disk 0 scanning C:\Windows\system32\drivers 18:00:35.241 Service scanning 18:00:43.743 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21 18:00:44.960 Service NTIOLib_1_0_C E:\NTIOLib_X64.sys **LOCKED** 21 18:00:53.150 Modules scanning 18:00:53.649 Disk 0 trace - called modules: 18:00:53.664 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 18:00:53.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d9b060] 18:00:53.664 3 CLASSPNP.SYS[fffff880019c243f] -> nt!IofCallDriver -> [0xfffffa8007aaf580] 18:00:53.680 5 ACPI.sys[fffff88000d4e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007ab5060] 18:00:54.725 AVAST engine scan C:\Windows 18:00:56.987 AVAST engine scan C:\Windows\system32 18:02:38.621 AVAST engine scan C:\Windows\system32\drivers 18:02:47.233 AVAST engine scan C:\Users\Stephan 18:06:23.277 AVAST engine scan C:\ProgramData 18:06:46.007 Scan finished successfully 18:07:35.677 Disk 0 MBR has been saved successfully to "C:\Users\Stephan\Desktop\MBR.dat" 18:07:35.693 The log file has been saved 
successfully to "C:\Users\Stephan\Desktop\aswMBR.txt" |
26.06.2012, 18:14 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
26.06.2012, 21:12 | #23 |
| Caught an encryption trojan! Opened an e-mail attachment! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.26.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Stephan :: STEPHAN-PC [Administrator] Schutz: Deaktiviert 26.06.2012 20:28:39 mbam-log-2012-06-26 (20-28-39).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 344126 Laufzeit: 53 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/26/2012 at 10:01 PM Application Version : 5.1.1002 Core Rules Database Version : 8800 Trace Rules Database Version: 6612 Scan type : Complete Scan Total Scan Time : 01:28:49 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 600 Memory threats detected : 0 Registry items scanned : 67184 Registry threats detected : 0 File items scanned : 111082 File threats detected : 169 Adware.Tracking Cookie |
27.06.2012, 12:34 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Quote:
The SUPERAntiSpyware guide has now been revised as well
__________________ Please always post logfiles in CODE tags |
27.06.2012, 17:10 | #25 |
| Caught an encryption trojan! Opened an e-mail attachment! Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/27/2012 at 05:47 PM
Application Version : 5.1.1002
Core Rules Database Version : 8800
Trace Rules Database Version: 6612
Scan type : Complete Scan
Total Scan Time : 02:29:22
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 685
Memory threats detected : 0
Registry items scanned : 67295
Registry threats detected : 0
File items scanned : 111624
File threats detected : 179
Adware.Tracking Cookie
|
28.06.2012, 09:59 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Apart from that there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
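An added example, not part of the original thread: a way to check which tracker domains from a scan log of this shape a hosts file actually blocks. A hosts file matches exact hostnames only, so a blocked parent domain does not cover its subdomains. The sample log, the sample hosts file, the `*.example` domains and all function names are constructed for illustration.

```python
import re

# Constructed sample in the three entry shapes a SUPERAntiSpyware cookie
# listing uses (paths and *.example domains are placeholders).
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /tracker.example ]
C:\USERS\USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBB2222.txt [ Cookie:user@ads.tracker.example/ ]
C:\USERS\USER\Cookies\CCCC3333.txt [ Cookie:user@www.shop.example/pagead/conversion/123/ ]
.metrics.example [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.metrics.example [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\USERS\USER\Cookies\DDDD4444.txt [ Cookie:user@........./ ]
"""

# Constructed hosts file: one name per line or several names on one line.
SAMPLE_HOSTS = """
127.0.0.1 localhost
0.0.0.0 tracker.example
0.0.0.0 metrics.example www.metrics.example  # two names on one line
"""

# Addresses a blocking hosts file points unwanted names at.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
HOST_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$")
ENTRY_PATTERNS = [
    # "<cookie file> [ /host ]"
    re.compile(r"\[\s*/([^\s/\]]+)\s*\]"),
    # "<cookie file> [ Cookie:user@host/path ]"
    re.compile(r"\[\s*Cookie:[^@\s]+@([^\s/\]]+)"),
    # ".host [ <path to the browser cookie database> ]"
    re.compile(r"(?<!\S)\.([A-Za-z0-9.-]+)\s+\[\s*[A-Za-z]:\\"),
]


def tracker_domains(log_text):
    """Return the set of hostnames named in the cookie entries.

    Works on one-entry-per-line logs and on logs flattened into one line.
    Masked hosts (runs of dots) fail the hostname check and are skipped.
    """
    domains = set()
    for pattern in ENTRY_PATTERNS:
        for match in pattern.finditer(log_text):
            host = match.group(1).lower().strip(".")
            if HOST_RE.match(host):
                domains.add(host)
    return domains


def blocked_names(hosts_text):
    """Return every hostname the hosts file maps to a sink address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) >= 2 and fields[0] in SINK_ADDRESSES:
            names.update(name.lower() for name in fields[1:])
    return names


def coverage(log_text, hosts_text):
    """Map each tracker host to 'blocked', 'parent-only' or 'unblocked'.

    'parent-only' means only a parent domain is listed; the subdomain
    itself still resolves because hosts files have no wildcards.
    """
    blocked = blocked_names(hosts_text)
    result = {}
    for host in sorted(tracker_domains(log_text)):
        labels = host.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if host in blocked:
            result[host] = "blocked"
        elif parents & blocked:
            result[host] = "parent-only"
        else:
            result[host] = "unblocked"
    return result


def missing_hosts_lines(cov):
    """Hosts-file lines for every tracker host that is not blocked yet."""
    return [f"0.0.0.0 {host}" for host, state in sorted(cov.items())
            if state != "blocked"]


if __name__ == "__main__":
    report = coverage(SAMPLE_LOG, SAMPLE_HOSTS)
    for host, state in report.items():
        print(f"{state:12} {host}")
    print("\n".join(missing_hosts_lines(report)))
```
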
28.06.2012, 18:49 | #27 |
| Caught an encryption trojan! Opened an e-mail attachment! So far I can't find any problems at all. Quite the opposite... my Explorer is running faster than before! To wrap up, can you tell me whether any damage was done on my system, and if so what? |
29.06.2012, 11:39 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Are any files on your system still encrypted?
__________________ Please always post logfiles in CODE tags |
29.06.2012, 18:29 | #29 |
| Caught an encryption trojan! Opened an e-mail attachment! I could only find 3 JPEGs that no longer worked, but that was the only thing. |
01.07.2012, 14:21 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught an encryption trojan! Opened an e-mail attachment! Then we're done! The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: please start OTL and click on "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide to that is below. To keep better track of how current your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player Download links => Adobe Flash Player Distribution | Adobe. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |