Pests of all kinds and how to combat them: Trojan.Agent.CWIGen (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
13.07.2012, 08:10 | #16 |
Trojan.Agent.CWIGen

Hello Cosinus, here is the TDSS log:
08:24:39.0488 5120 NdisTapi - ok 08:24:39.0534 5120 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 08:24:39.0612 5120 Ndisuio - ok 08:24:39.0659 5120 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 08:24:39.0768 5120 NdisWan - ok 08:24:39.0800 5120 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 08:24:39.0862 5120 NDProxy - ok 08:24:39.0909 5120 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 08:24:39.0971 5120 NetBIOS - ok 08:24:40.0018 5120 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 08:24:40.0080 5120 NetBT - ok 08:24:40.0112 5120 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 08:24:40.0143 5120 Netlogon - ok 08:24:40.0205 5120 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 08:24:40.0283 5120 Netman - ok 08:24:40.0299 5120 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 08:24:40.0377 5120 netprofm - ok 08:24:40.0455 5120 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:24:40.0502 5120 NetTcpPortSharing - ok 08:24:40.0533 5120 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 08:24:40.0564 5120 nfrd960 - ok 08:24:40.0611 5120 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 08:24:40.0673 5120 NlaSvc - ok 08:24:40.0704 5120 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 08:24:40.0751 5120 Npfs - ok 08:24:40.0782 5120 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll 08:24:40.0829 5120 nsi - ok 08:24:40.0845 5120 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 08:24:40.0923 5120 nsiproxy - ok 08:24:41.0032 5120 Ntfs (81189c3d7763838e55c397759d49007a) 
C:\windows\system32\drivers\Ntfs.sys 08:24:41.0126 5120 Ntfs - ok 08:24:41.0266 5120 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 08:24:41.0313 5120 Null - ok 08:24:41.0375 5120 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 08:24:41.0406 5120 nvraid - ok 08:24:41.0438 5120 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 08:24:41.0484 5120 nvstor - ok 08:24:41.0500 5120 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 08:24:41.0547 5120 nv_agp - ok 08:24:41.0594 5120 OberonGameConsoleService (b5d5da8230d3d3525839d939a9196c3e) C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe 08:24:41.0625 5120 OberonGameConsoleService - ok 08:24:41.0687 5120 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 08:24:41.0734 5120 ohci1394 - ok 08:24:41.0796 5120 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:24:41.0828 5120 ose - ok 08:24:42.0218 5120 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:24:42.0436 5120 osppsvc - ok 08:24:42.0686 5120 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 08:24:42.0764 5120 p2pimsvc - ok 08:24:42.0795 5120 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll 08:24:42.0842 5120 p2psvc - ok 08:24:42.0888 5120 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 08:24:42.0935 5120 Parport - ok 08:24:42.0982 5120 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys 08:24:43.0013 5120 partmgr - ok 08:24:43.0029 5120 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 08:24:43.0076 5120 Parvdm - ok 08:24:43.0107 5120 PcaSvc (358ab7956d3160000726574083dfc8a6) 
C:\windows\System32\pcasvc.dll 08:24:43.0154 5120 PcaSvc - ok 08:24:43.0185 5120 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 08:24:43.0232 5120 pci - ok 08:24:43.0263 5120 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 08:24:43.0294 5120 pciide - ok 08:24:43.0325 5120 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 08:24:43.0372 5120 pcmcia - ok 08:24:43.0388 5120 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 08:24:43.0403 5120 pcw - ok 08:24:43.0466 5120 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 08:24:43.0559 5120 PEAUTH - ok 08:24:43.0762 5120 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 08:24:43.0871 5120 pla - ok 08:24:44.0058 5120 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 08:24:44.0136 5120 PlugPlay - ok 08:24:44.0292 5120 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe 08:24:44.0370 5120 PMBDeviceInfoProvider - ok 08:24:44.0402 5120 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 08:24:44.0448 5120 PNRPAutoReg - ok 08:24:44.0480 5120 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 08:24:44.0526 5120 PNRPsvc - ok 08:24:44.0589 5120 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 08:24:44.0682 5120 PolicyAgent - ok 08:24:44.0745 5120 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 08:24:44.0870 5120 Power - ok 08:24:45.0057 5120 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 08:24:45.0166 5120 PptpMiniport - ok 08:24:45.0197 5120 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 08:24:45.0228 5120 Processor - ok 08:24:45.0306 5120 ProfSvc (cadefac453040e370a1bdff3973be00d) 
C:\windows\system32\profsvc.dll 08:24:45.0370 5120 ProfSvc - ok 08:24:45.0417 5120 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 08:24:45.0448 5120 ProtectedStorage - ok 08:24:45.0479 5120 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 08:24:45.0557 5120 Psched - ok 08:24:45.0619 5120 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys 08:24:45.0651 5120 PxHelp20 - ok 08:24:45.0807 5120 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 08:24:45.0885 5120 ql2300 - ok 08:24:46.0025 5120 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 08:24:46.0056 5120 ql40xx - ok 08:24:46.0165 5120 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 08:24:46.0243 5120 QWAVE - ok 08:24:46.0275 5120 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 08:24:46.0321 5120 QWAVEdrv - ok 08:24:46.0775 5120 Radio.fx (138f7963118ec710c348819c08f72230) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe 08:24:46.0900 5120 Radio.fx - ok 08:24:47.0040 5120 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 08:24:47.0102 5120 RasAcd - ok 08:24:47.0165 5120 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 08:24:47.0227 5120 RasAgileVpn - ok 08:24:47.0274 5120 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 08:24:47.0368 5120 RasAuto - ok 08:24:47.0399 5120 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 08:24:47.0477 5120 Rasl2tp - ok 08:24:47.0555 5120 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 08:24:47.0633 5120 RasMan - ok 08:24:47.0695 5120 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 08:24:47.0758 5120 RasPppoe - ok 08:24:47.0804 5120 RasSstp (44101f495a83ea6401d886e7fd70096b) 
C:\windows\system32\DRIVERS\rassstp.sys 08:24:47.0882 5120 RasSstp - ok 08:24:47.0929 5120 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 08:24:47.0992 5120 rdbss - ok 08:24:48.0023 5120 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 08:24:48.0054 5120 rdpbus - ok 08:24:48.0101 5120 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 08:24:48.0163 5120 RDPCDD - ok 08:24:48.0210 5120 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 08:24:48.0272 5120 RDPENCDD - ok 08:24:48.0319 5120 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 08:24:48.0397 5120 RDPREFMP - ok 08:24:48.0460 5120 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys 08:24:48.0522 5120 RDPWD - ok 08:24:48.0584 5120 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 08:24:48.0631 5120 rdyboost - ok 08:24:48.0709 5120 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 08:24:48.0787 5120 RemoteAccess - ok 08:24:48.0834 5120 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 08:24:48.0912 5120 RemoteRegistry - ok 08:24:48.0959 5120 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 08:24:49.0037 5120 RpcEptMapper - ok 08:24:49.0084 5120 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 08:24:49.0130 5120 RpcLocator - ok 08:24:49.0177 5120 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 08:24:49.0240 5120 RpcSs - ok 08:24:49.0302 5120 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 08:24:49.0396 5120 rspndr - ok 08:24:49.0458 5120 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\windows\system32\DRIVERS\Rt86win7.sys 08:24:49.0520 5120 RTL8167 - ok 08:24:49.0567 5120 SABI (6e5fbb7cbaec47038b945d5e9b144a64) 
C:\windows\system32\Drivers\SABI.sys 08:24:49.0614 5120 SABI - ok 08:24:49.0708 5120 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 08:24:49.0739 5120 SamSs - ok 08:24:49.0801 5120 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 08:24:49.0832 5120 sbp2port - ok 08:24:49.0879 5120 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 08:24:49.0957 5120 SCardSvr - ok 08:24:50.0004 5120 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 08:24:50.0082 5120 scfilter - ok 08:24:50.0176 5120 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 08:24:50.0269 5120 Schedule - ok 08:24:50.0316 5120 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 08:24:50.0378 5120 SCPolicySvc - ok 08:24:50.0425 5120 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 08:24:50.0503 5120 SDRSVC - ok 08:24:50.0566 5120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 08:24:50.0644 5120 secdrv - ok 08:24:50.0737 5120 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 08:24:50.0800 5120 seclogon - ok 08:24:50.0831 5120 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll 08:24:50.0940 5120 SENS - ok 08:24:51.0002 5120 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll 08:24:51.0049 5120 SensrSvc - ok 08:24:51.0268 5120 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 08:24:51.0299 5120 Serenum - ok 08:24:51.0377 5120 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 08:24:51.0580 5120 Serial - ok 08:24:51.0704 5120 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 08:24:51.0751 5120 sermouse - ok 08:24:51.0829 5120 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 08:24:51.0938 5120 
SessionEnv - ok
08:24:52.0110 5120 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe
08:24:52.0126 5120 sesvc ( UnsignedFile.Multi.Generic ) - warning
08:24:52.0126 5120 sesvc - detected UnsignedFile.Multi.Generic (1)
08:25:11.0659 5120 ============================================================
08:25:11.0659 5120 Scan finished
08:25:11.0659 5120 ============================================================
08:25:11.0674 5292 Detected object count: 2
08:25:11.0674 5292 Actual detected object count: 2
08:26:04.0730 5292 C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe - copied to quarantine
08:26:04.0730 5292 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
08:26:04.0949 5292 C:\Program Files\ShadowExplorer\sesvc.exe - copied to quarantine
08:26:04.0949 5292 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
KastorPollux |
13.07.2012, 16:03 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent.CWIGen ShadowExplorer and something from Epson - you will have to reinstall those if need be.
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ |
13.07.2012, 18:18 | #18 |
| Trojan.Agent.CWIGen Hello Cosinus,
here is the Combofix logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-13.03 - Hans 13.07.2012 18:38:40.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3005.2074 [GMT 2:00] ausgeführt von:: c:\users\Hans\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-13 bis 2012-07-13 )))))))))))))))))))))))))))))) . . 2012-07-13 16:47 . 2012-07-13 16:47 -------- d-----w- c:\users\Ingeborg\AppData\Local\temp 2012-07-13 16:47 . 2012-07-13 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-13 06:26 . 2012-07-13 06:26 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-12 16:22 . 2012-07-12 16:22 -------- d-----w- C:\_OTL 2012-07-12 04:10 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-07-12 04:10 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-07-12 04:10 . 2012-06-02 08:22 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-07-12 04:10 . 2012-06-02 08:21 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-07-12 04:10 . 2012-06-02 08:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-07-12 04:10 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-07-12 04:10 . 2012-06-02 08:25 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-07-12 04:09 . 2012-06-02 09:08 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2012-07-12 04:09 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-07-12 04:09 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-07-12 04:09 . 
2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-12 04:04 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 20:28 . 2012-07-11 20:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-07-11 20:27 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 20:27 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 20:27 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-07-11 20:27 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 20:27 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 20:27 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll 2012-07-11 20:27 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 20:27 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 20:27 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 20:27 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-11 20:26 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 20:26 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 20:26 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 20:26 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 20:26 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-09 18:25 . 2012-07-11 13:31 -------- d-----w- C:\TEMP 2012-07-09 18:01 . 2012-07-09 18:01 -------- d-----w- c:\users\Hans\AppData\Roaming\JPEGsnoop 2012-07-09 17:38 . 2012-07-09 17:38 -------- d-----w- c:\users\Hans\AppData\Roaming\www.shadowexplorer.com 2012-07-09 17:38 . 
2012-07-09 17:38 -------- d-----w- c:\program files\ShadowExplorer 2012-07-04 09:40 . 2012-07-04 09:40 -------- d-----w- c:\program files\ESET 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-25 07:34 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 07:34 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 07:34 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 07:34 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 07:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-25 07:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 07:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 07:33 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 07:33 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-23 19:43 . 2012-06-23 19:43 -------- d-----w- c:\users\Hans\AppData\Roaming\Malwarebytes 2012-06-23 17:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-23 17:37 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-23 17:37 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-23 17:37 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-23 17:37 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-23 17:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-23 17:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-23 17:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-23 17:36 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-23 17:34 . 2012-06-23 17:34 -------- d-----w- c:\users\Ingeborg\AppData\Roaming\Malwarebytes 2012-06-23 17:34 . 
2012-06-23 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-23 17:34 . 2012-06-23 17:34 -------- d-----w- c:\programdata\Malwarebytes 2012-06-23 17:34 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-13 16:22 . 2012-04-28 15:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-13 16:22 . 2011-05-16 04:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-30 04:50 . 2012-05-30 04:50 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720] "ChromeFrameHelper"="c:\users\Hans\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.exe" [2012-07-10 96792] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "ConnectionCenter"="c:\users\Hans\AppData\Local\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816] "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [x] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x] S2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [x] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x] S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [x] S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [x] S2 
UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 36018540 *Deregistered* - 36018540 *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 16:22] . 2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:34] . 2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:34] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008Core.job - c:\users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 11:26] . 2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008UA.job - c:\users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 11:26] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 78.42.43.62 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5784)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Zeit der Fertigstellung: 2012-07-13 18:49:17
ComboFix-quarantined-files.txt 2012-07-13 16:49
.
Vor Suchlauf: 10 Verzeichnis(se), 86.486.671.360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 86.383.177.728 Bytes frei
.
- - End Of File - - E7DE66F63D9FA520E072DF46AE4EDC51

Can't I rename the files quarantined by TDSS back and copy them back to their old location? Many thanks KastorPollux |
13.07.2012, 21:41 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent.CWIGen I don't know of any easy way to recover items from the TDSS-Killer quarantine at the push of a button. I hope future versions will offer such a function. Until then, it simply comes down to reading the instructions properly and following them!
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Do not under any circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
14.07.2012, 14:45 | #20 |
| Trojan.Agent.CWIGen Hello Cosinus, below are the logfiles from GMER (as an attachment) and OSAM. aswMBR crashed 3 times at the same point. I have attached a screenshot of the error message. OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:39:31 on 14.07.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008Core.job" - "Google Inc." - C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008UA.job" - "Google Inc." - C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? 
- C:\Users\Hans\AppData\Local\Temp\catchme.sys (File not found) "Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\windows\System32\DRIVERS\ctxusbm.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys "Huawei MobileBroadband USB PNP Device" (ew_hwusbdev) - ? - C:\windows\System32\DRIVERS\ew_hwusbdev.sys (File not found) "huawei_cdcacm" (huawei_cdcacm) - ? - C:\windows\System32\DRIVERS\ew_jucdcacm.sys (File not found) "huawei_enumerator" (huawei_enumerator) - ? - C:\windows\System32\DRIVERS\ew_jubusenum.sys (File not found) "kxdyikow" (kxdyikow) - ? - C:\Users\Hans\AppData\Local\Temp\kxdyikow.sys (Hidden registry entry, rootkit activity | File not found) "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbamswissarmy.sys "McAfee Inc." (mfeavfk01) - ? - C:\windows\system32\drivers\mfeavfk01.sys (File not found) "MOBKFilter" (MOBKFilter) - "Mozy, Inc." - C:\windows\System32\DRIVERS\MOBK.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." 
- C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." 
- C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll {3EF5086B-5478-4598-A054-786C45D75692} "McInternetProtocolRoot Class" - "McAfee, Inc." - c:\progra~1\mcafee\msc\mcsniepl.dll {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." 
- c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL 
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {781bca65-20ed-8f6a-368f-b523ec4f51b2} "McAfee Online Backup" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll {3c3f3c1a-9153-7c05-f938-622e7003894d} "McAfee Online Backup Shell-Erweiterungen" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} "McAfee Online Backup Shell-Erweiterungen Icon Overlay 2" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll {b4caf489-1eec-c617-49ad-8d7088598c06} "McAfee Online Backup Shell-Erweiterungen Icon Overlay 3" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll {AF6FB31C-95D0-4A0E-8AFE-099969D8B689} "McAfee-Depots" - "McAfee, Inc." 
- c:\progra~1\mcafee\mat\mcpvns.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} "Sprint.ExplorerIntegration.9" - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll 
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." 
- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL {7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120624094824.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll [Logon] -----( %APPDATA%\Xdtsrk )----- "desktop.ini" - ? - C:\Users\Hans\AppData\Roaming\Xdtsrk\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ChromeFrameHelper" - "Google Inc." 
- "C:\Users\Hans\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.exe" --startup "OfficeSyncProcess" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices "ConnectionCenter" - "Citrix Systems, Inc." - "C:\Users\Hans\AppData\Local\Citrix\ICA Client\concentr.exe" /startup "EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide "McPvTray_exe" - "McAfee, Inc." - "C:\Program Files\McAfee\MAT\McPvTray.exe" "mcui_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey "PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\windows\system32\enppmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "1%" (MOBKbackup) - "McAfee, Inc." 
- C:\Program Files\McAfee Online Backup\MOBKbackup.exe "ABBYY FineReader 9.0 Sprint Licensing Service" (ABBYY.Licensing.FineReader.Sprint.9.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "McAfee Anti-Spam Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe "McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe "McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe "McAfee Personal Firewall Service" (McMPFSvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Proxy Service" (McProxy) - "McAfee, Inc." 
- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe "McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\mcods.exe "McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe "McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE "Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe "Radio.fx Server" (Radio.fx) - ? 
- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe "ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe "StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== KastorPollux |
14.07.2012, 15:56 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent.CWIGen That is exactly why I put an extra note about aswMBR at the very bottom!
14.07.2012, 17:56 | #22 |
| Trojan.Agent.CWIGen Thanks for the pointer, I thought I could read. Here is the log file: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-14 18:48:27
-----------------------------
18:48:27.177 OS Version: Windows 6.1.7601 Service Pack 1
18:48:27.177 Number of processors: 2 586 0x170A
18:48:27.177 ComputerName: INGEBORG-PC UserName: Hans
18:48:27.770 Initialize success
18:48:32.843 AVAST engine defs: 12071400
18:49:19.928 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:49:19.928 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
18:49:20.006 Disk 0 MBR read successfully
18:49:20.006 Disk 0 MBR scan
18:49:20.021 Disk 0 unknown MBR code
18:49:20.037 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
18:49:20.053 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
18:49:20.068 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 144890 MB offset 31664128
18:49:20.099 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 60276 MB offset 328398848
18:49:20.115 Disk 0 scanning sectors +451844096
18:49:20.177 Disk 0 scanning C:\windows\system32\drivers
18:49:32.018 Service scanning
18:50:03.156 Modules scanning
18:50:11.798 Disk 0 trace - called modules:
18:50:11.829 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:50:11.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871b6030]
18:50:11.845 3 CLASSPNP.SYS[8c40459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86341028]
18:50:11.845 Scan finished successfully
18:50:35.276 Disk 0 MBR has been saved successfully to "C:\Users\Hans\Desktop\MBR.dat"
18:50:35.292 The log file has been saved successfully to "C:\Users\Hans\Desktop\aswMBR.txt"
KastorPollux |
14.07.2012, 21:45 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent.CWIGen We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
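The two preconditions named in the post above (no second operating system, no full-disk encryption) can be checked against a saved copy of sector 0 before any MBR fix. The following is an added example, not part of the thread or of aswMBR: it assumes the saved file is the raw 512-byte sector, the marker strings and type tables are this example's own heuristics, and both sample sectors are constructed (the first from the partition layout in the aswMBR log above).

```python
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_END = 440              # boot code area; disk signature and table follow
PART_TABLE_OFFSET = 446          # four 16-byte entries, then the 0x55AA signature
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
EXTENDED_TYPES = {0x05, 0x0F}    # logical volumes are described outside sector 0
# Strings searched for in the boot code. Heuristic markers chosen for this
# example (assumption): a hit is a reason to stop, a miss proves nothing.
LOADER_MARKERS = {b"GRUB": "GRUB", b"TrueCrypt Boot Loader": "TrueCrypt"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        entry = sector[off:off + 16]
        ptype = entry[4]
        if ptype == 0x00:        # unused slot
            continue
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        parts.append({
            "index": i + 1,
            "active": entry[0] == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def fixmbr_blockers(sector):
    """List reasons why overwriting the boot code with a Windows MBR is risky."""
    reasons = []
    boot_code = sector[:BOOT_CODE_END]
    for marker, name in LOADER_MARKERS.items():
        if marker in boot_code:
            reasons.append("boot code contains a %s marker" % name)
    for p in parse_mbr(sector):
        if p["type"] in LINUX_TYPES:
            reasons.append("partition %d is %s (type 0x%02X)"
                           % (p["index"], LINUX_TYPES[p["type"]], p["type"]))
        elif p["type"] in EXTENDED_TYPES:
            reasons.append("partition %d is extended: logical volumes not inspected"
                           % p["index"])
    return reasons


def build_mbr(entries, boot_code=b""):
    """Build a constructed sector from (active, type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, start, count) in enumerate(entries):
        # status byte, 3 CHS bytes (zeroed), type byte, 3 CHS bytes, LBA, length
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample 1: the four partitions reported in the aswMBR log above
# (offsets are sector numbers, sizes converted from MB to 512-byte sectors).
WINDOWS_ONLY = build_mbr([
    (False, 0x27, 2048, 31457280),
    (True, 0x07, 31459328, 204800),
    (False, 0x07, 31664128, 296734720),
    (False, 0x07, 328398848, 123445248),
])

# Constructed sample 2: a dual-boot layout with a GRUB marker in the boot code.
DUAL_BOOT = build_mbr([
    (True, 0x07, 2048, 204800),
    (False, 0x83, 206848, 41943040),
    (False, 0x05, 42149888, 2097152),
], boot_code=b"\xeb\x63\x90GRUB ")


if __name__ == "__main__":
    # With a path argument, check that file; otherwise show both samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read(SECTOR_SIZE)}
    else:
        samples = {"windows-only": WINDOWS_ONLY, "dual-boot": DUAL_BOOT}
    for name, data in samples.items():
        print(name, parse_mbr(data))
        print(name, fixmbr_blockers(data) or "no blockers found in sector 0")
```

An empty result only covers what sector 0 can show; an encrypted system disk still has to be ruled out by the user, as the post says.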
15.07.2012, 09:08 | #24 |
| Trojan.Agent.CWIGen Hello Cosinus, here is the log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-15 09:51:14
-----------------------------
09:51:14.739 OS Version: Windows 6.1.7601 Service Pack 1
09:51:14.739 Number of processors: 2 586 0x170A
09:51:14.754 ComputerName: INGEBORG-PC UserName: Hans
09:51:16.143 Initialize success
09:51:24.504 AVAST engine defs: 12071400
09:51:37.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:51:37.405 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
09:51:37.452 Disk 0 MBR read successfully
09:51:37.452 Disk 0 MBR scan
09:51:37.467 Disk 0 Windows 7 default MBR code
09:51:37.483 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
09:51:37.514 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
09:51:37.530 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 144890 MB offset 31664128
09:51:37.577 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 60276 MB offset 328398848
09:51:37.592 Disk 0 scanning sectors +451844096
09:51:37.701 Disk 0 scanning C:\windows\system32\drivers
09:51:53.475 Service scanning
09:52:31.509 Modules scanning
09:52:42.336 Disk 0 trace - called modules:
09:52:42.367 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
09:52:42.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871b77f0]
09:52:42.383 3 CLASSPNP.SYS[8c6ef59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86342028]
09:52:42.399 Scan finished successfully
09:53:32.272 Disk 0 MBR has been saved successfully to "C:\Users\Hans\Desktop\MBR.dat"
09:53:32.288 The log file has been saved successfully to "C:\Users\Hans\Desktop\aswMBR2.txt"
KastorPollux |
15.07.2012, 16:54 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent.CWIGen Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
15.07.2012, 21:44 | #26 |
| Trojan.Agent.CWIGen Hello Cosinus, here are the two logs: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hans :: INGEBORG-PC [Administrator]

15.07.2012 18:41:29
mbam-log-2012-07-15 (18-41-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386644
Laufzeit: 1 Stunde(n), 40 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/15/2012 at 10:26 PM

Application Version : 5.5.1006

Core Rules Database Version : 8902
Trace Rules Database Version: 6714

Scan type : Complete Scan
Total Scan Time : 01:27:33

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 882
Memory threats detected : 0
Registry items scanned : 37555
Registry threats detected : 0
File items scanned : 138600
File threats detected : 295

Adware.Tracking Cookie
Cookie:ingeborg@ww251.smartadserver.com/ ] C:\USERS\INGEBORG\Cookies\OL6E3XXR.txt [ Cookie:ingeborg@c.atdmt.com/ ] C:\USERS\INGEBORG\Cookies\ingeborg@content.yieldmanager[1].txt [ Cookie:ingeborg@content.yieldmanager.com/ ] C:\USERS\INGEBORG\Cookies\ingeborg@wasistsocialmedia[1].txt [ Cookie:ingeborg@wasistsocialmedia.de/ ] .doubleclick.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad1.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tradefx.advertserve.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad3.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad2.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.counter-go.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.google.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.adserver01.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ 
C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.mlsat02.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .specificclick.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adviva.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .amazon-adsystem.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADVIVA[1].TXT [ /ADVIVA ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD4.ADFARM1.ADITION[2].TXT [ /AD4.ADFARM1.ADITION ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ATDMT[2].TXT [ /ATDMT ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADBRITE[1].TXT [ /ADBRITE ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AT.ATWOLA[2].TXT [ /AT.ATWOLA ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@MEDIAMARKT[2].TXT [ /MEDIAMARKT ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ATDMT[1].TXT [ /ATDMT ] 
C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADXPOSE[1].TXT [ /ADXPOSE ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADVERTISING[1].TXT [ /ADVERTISING ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@REVSCI[2].TXT [ /REVSCI ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD1.ADFARM1.ADITION[2].TXT [ /AD1.ADFARM1.ADITION ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@TACODA.AT.ATWOLA[2].TXT [ /TACODA.AT.ATWOLA ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@DOUBLECLICK[1].TXT [ /DOUBLECLICK ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@DOUBLECLICK[2].TXT [ /DOUBLECLICK ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@FASTCLICK[1].TXT [ /FASTCLICK ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@INVITEMEDIA[1].TXT [ /INVITEMEDIA ] C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@XITI[1].TXT [ /XITI ] .apmebf.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ 
C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad1.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad3.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tradefx.advertserve.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adform.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ 
C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad2.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@AD.YIELDMANAGER[3].TXT [ /AD.YIELDMANAGER ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@SONYEUROPE.112.2O7[1].TXT [ /SONYEUROPE.112.2O7 ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@XITI[2].TXT [ /XITI ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@BIZRATE[1].TXT [ /BIZRATE ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@AD.WEB.BAZ[1].TXT [ /AD.WEB.BAZ ] 
C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADSERVER.YOPI[1].TXT [ /ADSERVER.YOPI ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@DATA.COREMETRICS[1].TXT [ /DATA.COREMETRICS ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@MEDIAPLEX[2].TXT [ /MEDIAPLEX ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@XITI[1].TXT [ /XITI ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ICE.112.2O7[1].TXT [ /ICE.112.2O7 ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@SERVE.ADVERTONIC[2].TXT [ /SERVE.ADVERTONIC ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.MYSWITZERLAND[1].TXT [ /ADS.MYSWITZERLAND ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@SERVING-SYS[2].TXT [ /SERVING-SYS ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@WWW.GOOGLEADSERVICES[9].TXT [ /WWW.GOOGLEADSERVICES ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ATDMT[3].TXT [ /ATDMT ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@REALMEDIA[1].TXT [ /REALMEDIA ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADECN[1].TXT [ /ADECN ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADVERTISING[1].TXT [ /ADVERTISING ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@KABELBW.112.2O7[1].TXT [ /KABELBW.112.2O7 ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ZBOX.ZANOX[2].TXT [ /ZBOX.ZANOX ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@APMEBF[2].TXT [ /APMEBF ] 
C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@DOUBLECLICK[2].TXT [ /DOUBLECLICK ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CASALEMEDIA[2].TXT [ /CASALEMEDIA ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@EHG-ARTNETWORLDWIDE.HITBOX[2].TXT [ /EHG-ARTNETWORLDWIDE.HITBOX ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.AD4GAME[2].TXT [ /ADS.AD4GAME ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@RAINBOWMEDIA.122.2O7[1].TXT [ /RAINBOWMEDIA.122.2O7 ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@WEBSTATS.USZ[3].TXT [ /WEBSTATS.USZ ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@GENERALTRACKING[1].TXT [ /GENERALTRACKING ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CLICKBANK[1].TXT [ /CLICKBANK ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACKER.ISSUU[1].TXT [ /TRACKER.ISSUU ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ATDMT[1].TXT [ /ATDMT ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.123RECHT[1].TXT [ /ADS.123RECHT ] 
C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@NEXTAG[2].TXT [ /NEXTAG ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ZEDO[2].TXT [ /ZEDO ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@HITBOX[2].TXT [ /HITBOX ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACK.OZONION[1].TXT [ /TRACK.OZONION ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CONTENT.YIELDMANAGER[4].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@GENENTECH.122.2O7[1].TXT [ /GENENTECH.122.2O7 ] C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRIBALFUSION[1].TXT [ /TRIBALFUSION ] KastorPollux |
16.07.2012, 14:36 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent.CWIGen Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/ If, however, you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system OK again now, or are there still other detections or problems?
__________________ Please always post log files in CODE tags |
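The hosts-file blocking recommended in the reply above, applied to a cookie scan log of the shape posted in this thread, as an added example that is not part of the original posts. The sample log, the user name `ALICE`, the `example.*` domains, the allow-list, the `0.0.0.0` sink address and all function names are constructed assumptions.

```python
import re

# Constructed sample in the three entry shapes seen in the scan log, run
# together on long lines the way the forum rendering flattens them.
SAMPLE_LOG = r"""
C:\USERS\ALICE\AppData\Roaming\Microsoft\Windows\Cookies\Low\AB12CD34.txt [ Cookie:alice@tracker.example.net/ ] C:\USERS\ALICE\AppData\Roaming\Microsoft\Windows\Cookies\Low\alice@stats.example[2].txt [ Cookie:alice@stats.example.com/site/path/ ] .ads.example.org [ C:\USERS\ALICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.example.org [
C:\USERS\ALICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] login.example.com [ C:\USERS\ALICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] C:\USERS\ALICE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALICE@ADNAME[1].TXT [ /ADNAME ]
"""

# "<file> [ Cookie:user@host/path ]"  (Internet Explorer cookie file)
IE_ENTRY = re.compile(r"\[\s*Cookie:[^@\s\]]+@([^/\s\]]+)[^\]]*\]")
# "host [ X:\...\COOKIES ]"           (Chrome cookie store entry)
CHROME_ENTRY = re.compile(
    r"(?<![\w@\\:.\-])(\.?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\s+\[\s*[A-Za-z]:\\[^\]]*\]")
# "<file> [ /NAME ]"                  (name only, no full host name logged)
NAME_ONLY = re.compile(r"\[\s*/([A-Z0-9.\-]+)\s*\]")


def extract_cookie_hosts(log_text):
    """Return (hosts, unresolved).

    hosts maps host name -> True when a leading dot marked the cookie as
    domain-wide. unresolved lists names logged without a full host name,
    which cannot be turned into a hosts-file entry.
    """
    hosts = {}
    # Regexes run over the whole text, so entries split across line wraps
    # or packed several to a line are still found.
    for m in IE_ENTRY.finditer(log_text):
        hosts.setdefault(m.group(1).lower(), False)
    for m in CHROME_ENTRY.finditer(log_text):
        raw = m.group(1).lower()
        name = raw.lstrip(".")
        hosts[name] = hosts.get(name, False) or raw.startswith(".")
    unresolved = sorted({m.group(1).lower() for m in NAME_ONLY.finditer(log_text)})
    return hosts, unresolved


def hosts_file_lines(hosts, keep=frozenset(), sink="0.0.0.0"):
    """Build hosts-file entries, skipping allow-listed sites the user logs in to."""
    lines, notes = [], []
    for name in sorted(hosts):
        if name in keep:
            notes.append(f"kept (allow-listed): {name}")
            continue
        lines.append(f"{sink} {name}")
        if hosts[name]:
            # A hosts file matches exact host names only; it has no wildcards.
            notes.append(f"domain-wide cookie: subdomains of {name} need their own entries")
    return lines, notes


if __name__ == "__main__":
    found, unresolved = extract_cookie_hosts(SAMPLE_LOG)
    entries, notes = hosts_file_lines(found, keep={"login.example.com"})
    print("\n".join(entries + ["# " + n for n in notes]))
    print("# no full host name logged for:", ", ".join(unresolved))
```

Review the generated entries before merging them into a hosts file: scanners also flag cookies from login domains, and blocking those breaks sign-in.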