Pests of all kinds and how to fight them: Caught Win64/Sirefef.w - Sirefef.ab and Sirefef.M (Windows 7)
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught Win64/Sirefef.w - Sirefef.ab and Sirefef.M Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O4 - HKU\S-1-5-21-3719525052-158936444-3296064491-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fa80945e-8b03-11e1-a81e-001617ef09bb}\Shell - "" = AutoRun
O33 - MountPoints2\{fa80945e-8b03-11e1-a81e-001617ef09bb}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{fa80945e-8b03-11e1-a81e-001617ef09bb}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
:Files
C:\ProgramData\0C1CFAE730E3C3E7F70FE066F875F002
C:\Users\Bleibdoof_2\AppData\Local\{867760fd-04c3-f3d9-19c3-4af6794328c3}\U
C:\Users\Bleibdoof_2\AppData\Local\{867760fd-04c3-f3d9-19c3-4af6794328c3}\@
C:\Users\Bleibdoof_2\AppData\Roaming\Ahux
C:\Users\Bleibdoof_2\AppData\Roaming\Usyze
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #17 |
| Caught Win64/Sirefef.w - Sirefef.ab and Sirefef.M Hi!
After the run I was prompted to restart, but no log file was opened. The restart hung somehow, so I had to help it along manually. After that no log file was opened either. I had a look in the folder you described, and the following text document is in there: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3719525052-158936444-3296064491-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa80945e-8b03-11e1-a81e-001617ef09bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa80945e-8b03-11e1-a81e-001617ef09bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa80945e-8b03-11e1-a81e-001617ef09bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa80945e-8b03-11e1-a81e-001617ef09bb}\ not found.
File F:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa80945e-8b03-11e1-a81e-001617ef09bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa80945e-8b03-11e1-a81e-001617ef09bb}\ not found.
File F:\Directx\dxsetup.exe not found.
========== FILES ==========
C:\ProgramData\0C1CFAE730E3C3E7F70FE066F875F002 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\Local\{867760fd-04c3-f3d9-19c3-4af6794328c3}\U folder moved successfully.
C:\Users\Bleibdoof_2\AppData\Local\{867760fd-04c3-f3d9-19c3-4af6794328c3}\@ moved successfully.
C:\Users\Bleibdoof_2\AppData\Roaming\Ahux folder moved successfully.
C:\Users\Bleibdoof_2\AppData\Roaming\Usyze folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bleibdoof
->Temp folder emptied: 368055782 bytes
->Temporary Internet Files folder emptied: 45213387 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1135 bytes
User: Bleibdoof_2
->Temp folder emptied: 6326513 bytes
->Temporary Internet Files folder emptied: 237622928 bytes
->Opera cache emptied: 22325359 bytes
->Flash cache emptied: 8276 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 220844638 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 14692711860 bytes
Total Files Cleaned = 14.905,00 mb
[EMPTYFLASH]
User: All Users
User: Bleibdoof
->Flash cache emptied: 0 bytes
User: Bleibdoof_2
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07212012_191402
Thanks once again! |
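Added example (not part of the thread and not OTL's own code): a Python check that every path listed under `:Files` in a fix script is confirmed as moved in the `FILES` section of the OTL log, using excerpts of the script and log above. The function names, the `unconfirmed` status, the two `C:\Users\Example\...` paths and the `File ... not found.` line for a file entry (modelled on the log's OTL section) are assumptions made for illustration.

```python
import re

# Excerpt of the fix script from the thread, plus two constructed paths
# (C:\Users\Example\...) that the log below does not report as moved.
FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\ProgramData\0C1CFAE730E3C3E7F70FE066F875F002
C:\Users\Bleibdoof_2\AppData\Roaming\Ahux
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Example\AppData\Roaming\Constructed
C:\Users\Example\AppData\Roaming\Gone
:Commands
[emptytemp]
"""

# Excerpt of the OTL log from the thread; the last FILES line is constructed.
FIX_LOG = r"""
All processes killed
========== OTL ==========
File F:\setup\rsrc\Autorun.exe not found.
========== FILES ==========
C:\ProgramData\0C1CFAE730E3C3E7F70FE066F875F002 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\Roaming\Ahux folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File C:\Users\Example\AppData\Roaming\Gone not found.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
MISSING_RE = re.compile(r"^File(?:\\Folder)? (?P<path>.+?) not found\.$")


def normalize(path):
    """Windows paths are case-insensitive; ignore case and a trailing backslash."""
    return path.rstrip("\\").lower()


def script_sections(script):
    """Split a fix script into {section name: [entries]}; a section starts with ':'."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def log_file_results(log):
    """Map each path in the log's FILES section to 'moved' or 'not found'."""
    results, in_files = {}, False
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            # Only the FILES section answers the :Files entries of the script.
            in_files = header.group("name") == "FILES"
            continue
        if not in_files:
            continue
        for pattern, status in ((MOVED_RE, "moved"), (MISSING_RE, "not found")):
            match = pattern.match(line)
            if match:
                results[normalize(match.group("path"))] = status
                break
    return results


def reconcile(script, log):
    """Return {script path: 'moved' | 'not found' | 'unconfirmed'} in script order."""
    results = log_file_results(log)
    paths = script_sections(script).get("files", [])
    # Exact path match only: a moved child folder does not confirm its parent.
    return {path: results.get(normalize(path), "unconfirmed") for path in paths}


def needs_follow_up(script, log):
    """Paths from the script that the log does not report as moved."""
    return [p for p, status in reconcile(script, log).items() if status != "moved"]


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {path}")
```

Paths that come back as `not found` or `unconfirmed` are the ones to raise with the helper before moving on to the next scan.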
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught Win64/Sirefef.w - Sirefef.ab and Sirefef.M Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan", and when it has finished click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ |
| | #19 |
| Caught Win64/Sirefef.w - Sirefef.ab and Sirefef.M Here is the result: Code:
20:10:41.0006 1944 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
20:10:41.0240 1944 ============================================================
20:10:41.0240 1944 Current date / time: 2012/07/23 20:10:41.0240
20:10:41.0240 1944 SystemInfo:
20:10:41.0240 1944
20:10:41.0240 1944 OS Version: 6.1.7601 ServicePack: 1.0
20:10:41.0240 1944 Product type: Workstation
20:10:41.0240 1944 ComputerName: BLEIBDOOF-PC
20:10:41.0240 1944 UserName: Bleibdoof
20:10:41.0240 1944 Windows directory: C:\Windows
20:10:41.0240 1944 System windows directory: C:\Windows
20:10:41.0240 1944 Running under WOW64
20:10:41.0240 1944 Processor architecture: Intel x64
20:10:41.0240 1944 Number of processors: 2
20:10:41.0240 1944 Page size: 0x1000
20:10:41.0240 1944 Boot type: Normal boot
20:10:41.0240 1944 ============================================================
20:10:42.0303 1944 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:42.0318 1944 ============================================================
20:10:42.0318 1944 \Device\Harddisk0\DR0:
20:10:42.0334 1944 MBR partitions:
20:10:42.0334 1944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
20:10:42.0334 1944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x2878C45B
20:10:42.0334 1944 ============================================================
20:10:42.0365 1944 C: <-> \Device\Harddisk0\DR0\Partition0
20:10:42.0381 1944 D: <-> \Device\Harddisk0\DR0\Partition1
20:10:42.0381 1944 ============================================================
20:10:42.0381 1944 Initialize success
20:10:42.0381 1944 ============================================================
20:11:08.0428 3008 ============================================================
20:11:08.0428 3008 Scan started
20:11:08.0428 3008 Mode: Manual; SigCheck; TDLFS;
20:11:08.0428 3008 ============================================================
20:11:18.0928 3008 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:11:18.0959 3008 idsvc - ok
20:11:18.0974 3008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:11:18.0990 3008 iirsp - ok
20:11:19.0053 3008 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:11:19.0115 3008 IKEEXT - ok
20:11:19.0334 3008 IntcAzAudAddService (5f6a3ea5bd7ca861863a3a06cecc115c) C:\Windows\system32\drivers\RTKVHD64.sys
20:11:19.0396 3008 IntcAzAudAddService - ok
20:11:19.0646 3008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:11:19.0662 3008 intelide - ok
20:11:19.0693 3008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:11:19.0709 3008 intelppm - ok
20:11:19.0740 3008 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:11:19.0787 3008 IPBusEnum - ok
20:11:19.0803 3008 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:19.0834 3008 IpFilterDriver - ok
20:11:19.0881 3008 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:11:19.0928 3008 iphlpsvc - ok
20:11:19.0928 3008 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:11:19.0943 3008 IPMIDRV - ok
20:11:19.0959 3008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:11:19.0990 3008 IPNAT - ok
20:11:20.0021 3008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:11:20.0053 3008 IRENUM - ok
20:11:20.0053 3008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:11:20.0068 3008 isapnp - ok
20:11:20.0099 3008 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:11:20.0115 3008 iScsiPrt - ok
20:11:20.0178 3008 JRAID (c0d9ba660a41ee8a269ef804e6cd0d7b) C:\Windows\system32\DRIVERS\jraid.sys
20:11:20.0193 3008 JRAID - ok
20:11:20.0224 3008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:11:20.0240 3008 kbdclass - ok
20:11:20.0271 3008 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:11:20.0303 3008 kbdhid - ok
20:11:20.0318 3008 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:20.0334 3008 KeyIso - ok
20:11:20.0365 3008 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:11:20.0365 3008 KSecDD - ok
20:11:20.0396 3008 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:11:20.0412 3008 KSecPkg - ok
20:11:20.0443 3008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:11:20.0490 3008 ksthunk - ok
20:11:20.0537 3008 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:11:20.0584 3008 KtmRm - ok
20:11:20.0631 3008 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:11:20.0678 3008 LanmanServer - ok
20:11:20.0709 3008 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:11:20.0740 3008 LanmanWorkstation - ok
20:11:20.0771 3008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:11:20.0818 3008 lltdio - ok
20:11:20.0849 3008 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:11:20.0896 3008 lltdsvc - ok
20:11:20.0912 3008 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:11:20.0943 3008 lmhosts - ok
20:11:20.0990 3008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:11:21.0006 3008 LSI_FC - ok
20:11:21.0021 3008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:11:21.0037 3008 LSI_SAS - ok
20:11:21.0053 3008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:11:21.0068 3008 LSI_SAS2 - ok
20:11:21.0084 3008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:11:21.0099 3008 LSI_SCSI - ok
20:11:21.0131 3008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:11:21.0178 3008 luafv - ok
20:11:21.0193 3008 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:11:21.0224 3008 Mcx2Svc - ok
20:11:21.0240 3008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:11:21.0256 3008 megasas - ok
20:11:21.0287 3008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:11:21.0303 3008 MegaSR - ok
20:11:21.0334 3008 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:11:21.0365 3008 MMCSS - ok
20:11:21.0381 3008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:11:21.0428 3008 Modem - ok
20:11:21.0459 3008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:11:21.0490 3008 monitor - ok
20:11:21.0506 3008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:11:21.0521 3008 mouclass - ok
20:11:21.0553 3008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:11:21.0568 3008 mouhid - ok
20:11:21.0584 3008 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:11:21.0599 3008 mountmgr - ok
20:11:21.0646 3008 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:11:21.0662 3008 MpFilter - ok
20:11:21.0693 3008 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:11:21.0709 3008 mpio - ok
20:11:21.0724 3008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:11:21.0756 3008 mpsdrv - ok
20:11:21.0818 3008 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:11:21.0865 3008 MpsSvc - ok
20:11:21.0881 3008 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:11:21.0912 3008 MRxDAV - ok
20:11:21.0943 3008 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:21.0974 3008 mrxsmb - ok
20:11:22.0006 3008 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:22.0037 3008 mrxsmb10 - ok
20:11:22.0053 3008 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:22.0053 3008 mrxsmb20 - ok
20:11:22.0084 3008 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:11:22.0099 3008 msahci - ok
20:11:22.0115 3008 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:11:22.0131 3008 msdsm - ok
20:11:22.0162 3008 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:11:22.0193 3008 MSDTC - ok
20:11:22.0209 3008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:11:22.0256 3008 Msfs - ok
20:11:22.0271 3008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:11:22.0318 3008 mshidkmdf - ok
20:11:22.0318 3008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:11:22.0334 3008 msisadrv - ok
20:11:22.0381 3008 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:11:22.0428 3008 MSiSCSI - ok
20:11:22.0428 3008 msiserver - ok
20:11:22.0459 3008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:11:22.0506 3008 MSKSSRV - ok
20:11:22.0584 3008 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:11:22.0599 3008 MsMpSvc - ok
20:11:22.0615 3008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:22.0662 3008 MSPCLOCK - ok
20:11:22.0678 3008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:11:22.0724 3008 MSPQM - ok
20:11:22.0756 3008 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:11:22.0771 3008 MsRPC - ok
20:11:22.0787 3008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:11:22.0803 3008 mssmbios - ok
20:11:22.0803 3008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:11:22.0834 3008 MSTEE - ok
20:11:22.0849 3008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:11:22.0865 3008 MTConfig - ok
20:11:22.0881 3008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:11:22.0896 3008 Mup - ok
20:11:22.0928 3008 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:11:22.0974 3008 napagent - ok
20:11:23.0021 3008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:11:23.0053 3008 NativeWifiP - ok
20:11:23.0115 3008 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:11:23.0146 3008 NDIS - ok
20:11:23.0162 3008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:23.0209 3008 NdisCap - ok
20:11:23.0240 3008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:23.0271 3008 NdisTapi - ok
20:11:23.0287 3008 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:23.0334 3008 Ndisuio - ok
20:11:23.0349 3008 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:23.0396 3008 NdisWan - ok
20:11:23.0412 3008 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:11:23.0459 3008 NDProxy - ok
20:11:23.0474 3008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:11:23.0521 3008 NetBIOS - ok
20:11:23.0553 3008 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:11:23.0584 3008 NetBT - ok
20:11:23.0615 3008 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:23.0631 3008 Netlogon - ok
20:11:23.0678 3008 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:11:23.0724 3008 Netman - ok
20:11:23.0803 3008 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:23.0818 3008 NetMsmqActivator - ok
20:11:23.0834 3008 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:23.0834 3008 NetPipeActivator - ok
20:11:23.0865 3008 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:11:23.0912 3008 netprofm - ok
20:11:23.0928 3008 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:23.0943 3008 NetTcpActivator - ok
20:11:23.0943 3008 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:23.0943 3008 NetTcpPortSharing - ok
20:11:24.0006 3008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:11:24.0021 3008 nfrd960 - ok
20:11:24.0084 3008 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:11:24.0099 3008 NisDrv - ok
20:11:24.0178 3008 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:11:24.0193 3008 NisSrv - ok
20:11:24.0240 3008 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:11:24.0287 3008 NlaSvc - ok
20:11:24.0303 3008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:11:24.0334 3008 Npfs - ok
20:11:24.0349 3008 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:11:24.0396 3008 nsi - ok
20:11:24.0428 3008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:11:24.0459 3008 nsiproxy - ok
20:11:24.0568 3008 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:11:24.0599 3008 Ntfs - ok
20:11:24.0787 3008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:11:24.0834 3008 Null - ok
20:11:24.0865 3008 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:11:24.0881 3008 nvraid - ok
20:11:24.0896 3008 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:11:24.0912 3008 nvstor - ok
20:11:24.0928 3008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:11:24.0943 3008 nv_agp - ok
20:11:24.0959 3008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:11:24.0974 3008 ohci1394 - ok
20:11:25.0037 3008 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:11:25.0053 3008 ose - ok
20:11:25.0084 3008 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:11:25.0131 3008 p2pimsvc - ok
20:11:25.0178 3008 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:11:25.0193 3008 p2psvc - ok
20:11:25.0224 3008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:11:25.0256 3008 Parport - ok
20:11:25.0271 3008 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:11:25.0287 3008 partmgr - ok
20:11:25.0303 3008 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:11:25.0334 3008 PcaSvc - ok
20:11:25.0365 3008 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:11:25.0381 3008 pci - ok
20:11:25.0381 3008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:11:25.0396 3008 pciide - ok
20:11:25.0428 3008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:11:25.0443 3008 pcmcia - ok
20:11:25.0459 3008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:11:25.0459 3008 pcw - ok
20:11:25.0506 3008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:11:25.0553 3008 PEAUTH - ok
20:11:25.0631 3008 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:11:25.0646 3008 PerfHost - ok
20:11:25.0740 3008 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:11:25.0803 3008 pla - ok
20:11:25.0865 3008 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:11:25.0896 3008 PlugPlay - ok
20:11:25.0912 3008 PnkBstrA - ok
20:11:25.0928 3008 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:11:25.0959 3008 PNRPAutoReg - ok
20:11:25.0990 3008 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:11:26.0006 3008 PNRPsvc - ok
20:11:26.0053 3008 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:11:26.0099 3008 PolicyAgent - ok
20:11:26.0146 3008 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:11:26.0178 3008 Power - ok
20:11:26.0256 3008 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:11:26.0287 3008 PptpMiniport - ok
20:11:26.0303 3008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:11:26.0334 3008 Processor - ok
20:11:26.0365 3008 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:11:26.0396 3008 ProfSvc - ok
20:11:26.0412 3008 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:26.0428 3008 ProtectedStorage - ok
20:11:26.0459 3008 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:11:26.0490 3008 Psched - ok
20:11:26.0584 3008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:11:26.0631 3008 ql2300 - ok
20:11:26.0756 3008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:11:26.0771 3008 ql40xx - ok
20:11:26.0803 3008 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:11:26.0818 3008 QWAVE - ok
20:11:26.0834 3008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:11:26.0865 3008 QWAVEdrv - ok
20:11:26.0881 3008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:11:26.0912 3008 RasAcd - ok
20:11:26.0943 3008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:26.0974 3008 RasAgileVpn - ok
20:11:26.0990 3008 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:11:27.0037 3008 RasAuto - ok
20:11:27.0053 3008 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:27.0099 3008 Rasl2tp - ok
20:11:27.0131 3008 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:11:27.0162 3008 RasMan - ok
20:11:27.0193 3008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:27.0240 3008 RasPppoe - ok
20:11:27.0256 3008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:11:27.0303 3008 RasSstp - ok
20:11:27.0318 3008 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:11:27.0365 3008 rdbss - ok
20:11:27.0381 3008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:11:27.0396 3008 rdpbus - ok
20:11:27.0412 3008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:11:27.0459 3008 RDPCDD - ok
20:11:27.0474 3008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:11:27.0506 3008 RDPENCDD - ok
20:11:27.0521 3008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:11:27.0553 3008 RDPREFMP - ok
20:11:27.0584 3008 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:11:27.0615 3008 RDPWD - ok
20:11:27.0662 3008 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:11:27.0678 3008 rdyboost - ok
20:11:27.0709 3008 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:11:27.0756 3008 RemoteAccess - ok
20:11:27.0787 3008 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:11:27.0834 3008 RemoteRegistry - ok
20:11:27.0849 3008 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:11:27.0881 3008 RpcEptMapper - ok
20:11:27.0896 3008 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:11:27.0928 3008 RpcLocator - ok
20:11:27.0959 3008 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:11:28.0006 3008 RpcSs - ok
20:11:28.0037 3008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:11:28.0068 3008 rspndr - ok
20:11:28.0115 3008 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:11:28.0146 3008 RTL8167 - ok
20:11:28.0193 3008 SaiK0CC3 (3c24436f091369ec4b91eb8294f53304) C:\Windows\system32\DRIVERS\SaiK0CC3.sys
20:11:28.0193 3008 SaiK0CC3 - ok
20:11:28.0209 3008 SaiMini (64bc6cc8fd3408df37ea488d88d54a4a) C:\Windows\system32\DRIVERS\SaiMini.sys
20:11:28.0224 3008 SaiMini - ok
20:11:28.0240 3008 SaiNtBus (6a78c024625926cc4b67b3e6ad14910a) C:\Windows\system32\drivers\SaiBus.sys
20:11:28.0240 3008 SaiNtBus - ok
20:11:28.0271 3008 SaiU0CC3 (e99885666b9daf934c353e0681bce7da) C:\Windows\system32\DRIVERS\SaiU0CC3.sys
20:11:28.0287 3008 SaiU0CC3 - ok
20:11:28.0303 3008 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:28.0318 3008 SamSs - ok
20:11:28.0349 3008 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:11:28.0365 3008 sbp2port - ok
20:11:28.0490 3008 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:11:28.0521 3008 SBSDWSCService - ok
20:11:28.0553 3008 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:11:28.0584 3008 SCardSvr - ok
20:11:28.0646 3008 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:11:28.0709 3008 scfilter - ok
20:11:28.0771 3008 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:11:28.0849 3008 Schedule - ok
20:11:28.0865 3008 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:11:28.0896 3008 SCPolicySvc - ok
20:11:28.0928 3008 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:11:28.0943 3008 SDRSVC - ok
20:11:29.0006 3008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:11:29.0068 3008 secdrv - ok
20:11:29.0084 3008 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:11:29.0115 3008 seclogon - ok
20:11:29.0146 3008 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:11:29.0178 3008 SENS - ok
20:11:29.0193 3008 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:11:29.0224 3008 SensrSvc - ok
20:11:29.0256 3008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:11:29.0271 3008 Serenum - ok
20:11:29.0303 3008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:11:29.0318 3008 Serial - ok
20:11:29.0334 3008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:11:29.0349 3008 sermouse - ok
20:11:29.0381 3008 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:11:29.0428 3008 SessionEnv - ok
20:11:29.0428 3008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:11:29.0443 3008 sffdisk - ok
20:11:29.0443 3008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:11:29.0474 3008 sffp_mmc - ok
20:11:29.0474 3008 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:11:29.0490 3008 sffp_sd - ok
20:11:29.0490 3008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:11:29.0521 3008 sfloppy - ok
20:11:29.0568 3008 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:11:29.0631 3008 SharedAccess - ok
20:11:29.0662 3008 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:11:29.0693 3008 ShellHWDetection - ok
20:11:29.0709 3008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:11:29.0724 3008 SiSRaid2 - ok
20:11:29.0740 3008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:11:29.0756 3008 SiSRaid4 - ok
20:11:29.0818 3008 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:11:29.0834 3008 SkypeUpdate - ok
20:11:29.0865 3008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:11:29.0928 3008 Smb - ok
20:11:29.0959 3008 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:11:29.0974 3008 SNMPTRAP - ok
20:11:30.0006 3008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:11:30.0021 3008 spldr - ok
20:11:30.0053 3008 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:11:30.0099 3008 Spooler - ok
20:11:30.0271 3008 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:11:30.0365 3008 sppsvc - ok
20:11:30.0474 3008 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:11:30.0506 3008 sppuinotify - ok
20:11:30.0584 3008 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:11:30.0615 3008 srv - ok
20:11:30.0646 3008 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:11:30.0678 3008 srv2 - ok
20:11:30.0693 3008 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:11:30.0709 3008 srvnet - ok
20:11:30.0756 3008 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:11:30.0787 3008 SSDPSRV - ok
20:11:30.0803 3008 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:11:30.0849 3008 SstpSvc - ok
20:11:30.0881 3008 Steam Client Service - ok
20:11:30.0896 3008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:11:30.0912 3008 stexstor - ok
20:11:30.0974 3008 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:11:31.0006 3008 stisvc - ok
20:11:31.0021 3008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:11:31.0021 3008 swenum - ok
20:11:31.0068 3008 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:11:31.0115 3008 swprv - ok
20:11:31.0209 3008 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:11:31.0256 3008 SysMain - ok
20:11:31.0349 3008 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:11:31.0396 3008 TabletInputService - ok
20:11:31.0412 3008 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:11:31.0474 3008 TapiSrv - ok
20:11:31.0506 3008 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:11:31.0537 3008 TBS - ok
20:11:31.0678 3008 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:11:31.0724 3008 Tcpip - ok
20:11:31.0928 3008 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:11:31.0974 3008 TCPIP6 - ok
20:11:32.0021 3008 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:11:32.0068 3008 tcpipreg - ok
20:11:32.0084 3008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:11:32.0115 3008 TDPIPE - ok
20:11:32.0146 3008 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:11:32.0162 3008 TDTCP - ok
20:11:32.0178 3008 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:11:32.0224 3008 tdx - ok
20:11:32.0240 3008 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:11:32.0256 3008 TermDD - ok
20:11:32.0303 3008 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:11:32.0349 3008 TermService - ok
20:11:32.0365 3008 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:11:32.0381 3008 Themes - ok
20:11:32.0412 3008 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:11:32.0459 3008 THREADORDER - ok
20:11:32.0474 3008 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:11:32.0506 3008 TrkWks - ok
20:11:32.0568 3008 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:11:32.0615 3008 TrustedInstaller - ok
20:11:32.0631 3008 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:11:32.0678 3008 tssecsrv - ok
20:11:32.0709 3008 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:11:32.0724 3008 TsUsbFlt - ok
20:11:32.0740 3008 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:11:32.0771 3008 TsUsbGD - ok
20:11:32.0787 3008 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:11:32.0818 3008 tunnel - ok
20:11:32.0818 3008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:11:32.0834 3008 uagp35 - ok
20:11:32.0865 3008 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:11:32.0928 3008 udfs - ok
20:11:32.0959 3008 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:11:32.0974 3008 UI0Detect - ok
20:11:33.0006 3008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:11:33.0006 3008 uliagpkx - ok
20:11:33.0037 3008 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:11:33.0053 3008 umbus - ok
20:11:33.0099 3008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:11:33.0115 3008 UmPass - ok
20:11:33.0146 3008 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:11:33.0193 3008 upnphost - ok
20:11:33.0240 3008 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:11:33.0271 3008 usbccgp - ok
20:11:33.0287 3008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:11:33.0303 3008 usbcir - ok
20:11:33.0334 3008 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:11:33.0349 3008 usbehci - ok
20:11:33.0396 3008 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:11:33.0412 3008 usbhub - ok
20:11:33.0428 3008 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:11:33.0459 3008 usbohci - ok
20:11:33.0474 3008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:11:33.0490 3008 usbprint - ok
20:11:33.0521 3008 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:11:33.0568 3008 USBSTOR - ok
20:11:33.0584 3008 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:11:33.0599 3008 usbuhci - ok
20:11:33.0615 3008 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:11:33.0662 3008 UxSms - ok
20:11:33.0678 3008 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:33.0693 3008 VaultSvc - ok
20:11:33.0724 3008 VBoxNetAdp (01f5ff577ca9d3555941c5c266af4385) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
20:11:33.0740 3008 VBoxNetAdp - ok
20:11:33.0756 3008 VBoxNetFlt - ok
20:11:33.0787 3008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:11:33.0803 3008 vdrvroot - ok
20:11:33.0849 3008 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:11:33.0896 3008 vds - ok
20:11:33.0912 3008 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:11:33.0928 3008 vga - ok
20:11:33.0943 3008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:11:33.0974 3008 VgaSave - ok
20:11:33.0990 3008 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:11:34.0006 3008 vhdmp - ok
20:11:34.0021 3008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:11:34.0021 3008 viaide - ok
20:11:34.0053 3008 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:11:34.0053 3008 volmgr - ok
20:11:34.0099 3008 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:11:34.0115 3008 volmgrx - ok
20:11:34.0131 3008 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:11:34.0146 3008 volsnap - ok
20:11:34.0178 3008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:11:34.0193 3008 vsmraid - ok
20:11:34.0287 3008 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:11:34.0349 3008 VSS - ok
20:11:34.0474 3008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:11:34.0490 3008 vwifibus - ok
20:11:34.0537 3008 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:11:34.0568 3008 W32Time - ok
20:11:34.0584 3008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:11:34.0615 3008 WacomPen - ok
20:11:34.0631 3008 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:34.0678 3008 WANARP - ok
20:11:34.0678 3008 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:34.0709 3008 Wanarpv6 - ok
20:11:34.0818 3008 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:11:34.0865 3008 WatAdminSvc - ok
20:11:34.0959 3008 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:11:35.0021 3008 wbengine - ok
20:11:35.0099 3008 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:11:35.0131 3008 WbioSrvc - ok
20:11:35.0162 3008 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:11:35.0209 3008 wcncsvc - ok
20:11:35.0224 3008 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:11:35.0256 3008 WcsPlugInService - ok
20:11:35.0303 3008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:11:35.0318 3008 Wd - ok
20:11:35.0365 3008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:11:35.0381 3008 Wdf01000 - ok
20:11:35.0412 3008 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:11:35.0474 3008 WdiServiceHost - ok
20:11:35.0474 3008 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:11:35.0490 3008 WdiSystemHost - ok
20:11:35.0521 3008 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:11:35.0553 3008 WebClient - ok
20:11:35.0568 3008 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:11:35.0615 3008 Wecsvc - ok
20:11:35.0631 3008 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:11:35.0678 3008 wercplsupport - ok
20:11:35.0693 3008 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:11:35.0724 3008 WerSvc - ok
20:11:35.0787 3008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:11:35.0818 3008 WfpLwf - ok
20:11:35.0834 3008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:11:35.0849 3008 WIMMount - ok
20:11:35.0896 3008 WinDefend - ok
20:11:35.0896 3008 WinHttpAutoProxySvc - ok
20:11:35.0974 3008 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:11:36.0006 3008 Winmgmt - ok
20:11:36.0115 3008 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:11:36.0178 3008 WinRM - ok
20:11:36.0318 3008 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:11:36.0365 3008 Wlansvc - ok
20:11:36.0412 3008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:11:36.0443 3008 WmiAcpi - ok
20:11:36.0506 3008 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:11:36.0537 3008 wmiApSrv - ok
20:11:36.0584 3008 WMPNetworkSvc - ok
20:11:36.0615 3008 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:11:36.0646 3008 WPCSvc - ok
20:11:36.0678 3008 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:11:36.0693 3008 WPDBusEnum - ok
20:11:36.0724 3008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:11:36.0771 3008 ws2ifsl - ok
20:11:36.0787 3008 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:11:36.0803 3008 wscsvc - ok
20:11:36.0803 3008 WSearch - ok
20:11:36.0959 3008 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:11:37.0021 3008 wuauserv - ok
20:11:37.0146 3008 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:11:37.0193 3008 WudfPf - ok
20:11:37.0240 3008 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:37.0271 3008 WUDFRd - ok
20:11:37.0303 3008 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:11:37.0334 3008 wudfsvc - ok
20:11:37.0381 3008 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:11:37.0412 3008 WwanSvc - ok
20:11:37.0443 3008 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:11:37.0646 3008 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:11:37.0646 3008 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:11:37.0678 3008 Boot (0x1200) (17819b15850eb98b560652f58b135142) \Device\Harddisk0\DR0\Partition0
20:11:37.0678 3008 \Device\Harddisk0\DR0\Partition0 - ok
20:11:37.0693 3008 Boot (0x1200) (f4d788bba0afe6d7b986332a4cb9830b) \Device\Harddisk0\DR0\Partition1
20:11:37.0709 3008 \Device\Harddisk0\DR0\Partition1 - ok
20:11:37.0709 3008 ============================================================
20:11:37.0709 3008 Scan finished
20:11:37.0709 3008 ============================================================
20:11:37.0756 0980 Detected object count: 1
20:11:37.0756 0980 Actual detected object count: 1
20:12:17.0724 0980 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:12:17.0724 0980 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
| | #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win64/Sirefef.w - Sirefef.ab and Sirefef.M caught
OK, there is still a TDSS active, but it should not be fixed with TDSS-Killer on the first run.
Then please run CF now: ComboFix - a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #21 |
| Win64/Sirefef.w - Sirefef.ab and Sirefef.M caught
Good evening, so after the computer froze during this scan as well, here is the file now. I hope it is complete so far: Code:
ComboFix 12-07-26.03 - Bleibdoof 25.07.2012 17:32:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2816 [GMT 2:00]
ausgeführt von:: c:\users\Bleibdoof_2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-25 bis 2012-07-25 ))))))))))))))))))))))))))))))
.
.
2012-07-24 17:48 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B88E82-7D14-4517-A407-EF8DAC3DA6DB}\mpengine.dll
2012-07-23 19:52 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 19:54 . 2012-07-24 21:11 -------- d-----w- c:\users\Bleibdoof_2\AppData\Roaming\FreeDoko
2012-07-21 17:14 . 2012-07-21 17:14 -------- d-----w- C:\_OTL
2012-07-15 09:24 . 2012-07-21 17:01 -------- d-----w- c:\users\Bleibdoof\AppData\Roaming\Skype
2012-07-15 09:14 . 2012-07-15 09:14 -------- d-----w- c:\program files (x86)\ESET
2012-07-12 19:22 . 2012-07-12 19:22 -------- d-----w- c:\users\Bleibdoof_2\AppData\Roaming\Malwarebytes
2012-07-12 19:07 . 2012-07-12 19:07 -------- d-----w- c:\users\Bleibdoof\AppData\Roaming\Malwarebytes
2012-07-12 19:06 . 2012-07-12 19:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 19:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 16:19 . 2012-07-12 16:19 -------- d-----w- c:\program files (x86)\Microsoft
2012-07-12 15:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:17 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 21:17 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-09 21:15 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-04 09:01 . 2012-04-13 22:08 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CD22DA1-F366-41DA-BFC7-063144BD571B}\gapaengine.dll
2012-07-02 10:47 . 2012-07-02 10:47 -------- d-----w- c:\program files (x86)\MSECache
2012-07-01 21:09 . 2012-07-01 21:09 -------- d-----w- c:\windows\PCHEALTH
2012-07-01 21:04 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxe4fc.rra
2012-07-01 21:04 . 2012-07-01 21:04 -------- d-----w- c:\windows\RaidTool
2012-07-01 21:03 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-07-01 21:03 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-07-01 21:03 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-07-01 21:03 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-07-01 21:03 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-07-01 21:03 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-07-01 21:03 . 2012-07-01 21:03 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-07-01 21:03 . 2012-07-01 21:03 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-07-01 20:59 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difx9f59.rra
2012-07-01 20:50 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difx6f92.rra
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:17 . 2012-04-13 21:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 20:08 . 2012-04-14 15:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 20:08 . 2012-04-14 15:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-25 06:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 06:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 06:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 06:03 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 06:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 06:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 06:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 06:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-25 06:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-14 17:32 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-25 06:27 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 17:32 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 17:32 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-25 06:27 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-14 17:32 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 17:32 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\tools\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-06-24 144688]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-14 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-20 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 SaiK0CC3;SaiK0CC3;c:\windows\system32\DRIVERS\SaiK0CC3.sys [2010-04-22 171016]
S3 SaiU0CC3;SaiU0CC3;c:\windows\system32\DRIVERS\SaiU0CC3.sys [2010-04-22 41096]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 20:08]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 00:23]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-21 378880]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-21 195072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BitBox - d:\tools\BitBox\BitBoxuninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Bleibdoof_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-25 20:53:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-25 18:53
.
Vor Suchlauf: 8 Verzeichnis(se), 11.589.177.344 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 11.113.979.904 Bytes frei
.
- - End Of File - - 649249472F3387AC5F1D1DAAB2300F7B
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win64/Sirefef.w - Sirefef.ab and Sirefef.M caught
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to work the second time as well, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download
Important: Do not press any of the Fix buttons unless instructed.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #23 |
| Win64/Sirefef.w - Sirefef.ab and Sirefef.M caught
Hi, I have now run all three programs: GMER did not produce a log, only a message that no modifications to the system could be found. OSAM log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:58:58 on 26.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"VBoxNetFlt Service" (VBoxNetFlt) - ? - C:\Windows\System32\DRIVERS\VBoxNetFlt.sys (File not found)
"VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Oracle Corporation" - C:\Windows\System32\DRIVERS\VBoxNetAdp.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_265.ocx / https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bleibdoof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Tools\DAEMON Tools Lite\DTLite.exe" -autorun
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"JMB36X IDE Setup" - ? - C:\Windows\RaidTool\xInsIDE.exe (File found, but it contains no detailed information)
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll (Data mismatch, rootkit activity)
"@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File not found)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 21:23:33
-----------------------------
21:23:33.884 OS Version: Windows x64 6.1.7601 Service Pack 1
21:23:33.884 Number of processors: 2 586 0xF06
21:23:33.884 ComputerName: BLEIBDOOF-PC UserName: Bleibdoof
21:23:34.181 Initialize success
21:28:29.206 AVAST engine defs: 12072601
21:28:35.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:28:35.581 Disk 0 Vendor: SAMSUNG_HD400LJ ZZ100-15 Size: 381554MB BusType: 3
21:28:35.596 Disk 0 MBR read successfully
21:28:35.596 Disk 0 MBR scan
21:28:35.596 Disk 0 Windows 7 default MBR code
21:28:35.612 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
21:28:35.612 Disk 0 Partition - 00 0F Extended LBA 331544 MB offset 102398310
21:28:35.627 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 331544 MB offset 102398373
21:28:35.643 Disk 0 scanning C:\Windows\system32\drivers
21:28:42.174 Service scanning
21:28:56.909 Modules scanning
21:28:56.909 Disk 0 trace - called modules:
21:28:56.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
21:28:56.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048ed790]
21:28:56.940 3 CLASSPNP.SYS[fffff8800197e43f] -> nt!IofCallDriver -> [0xfffffa8003958e40]
21:28:56.940 5 ACPI.sys[fffff88000ef07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047a1680]
21:28:57.206 AVAST engine scan C:\Windows
21:28:58.784 AVAST engine scan C:\Windows\system32
21:30:56.768 AVAST engine scan C:\Windows\system32\drivers
21:31:04.002 AVAST engine scan C:\Users\Bleibdoof
21:31:16.127 File: C:\Users\Bleibdoof\AppData\Local\temp\{5A0389C7-EB2F-4CCE-8F0E-4223065AE3ED}\fpb.tmp **HIDDEN**
21:31:16.252 AVAST engine scan C:\ProgramData
21:32:51.206 Scan finished successfully
21:33:13.581 Disk 0 MBR has been saved successfully to "C:\Users\Bleibdoof\Desktop\MBR.dat"
21:33:13.596 The log file has been saved successfully to "C:\Users\Bleibdoof\Desktop\aswMBR.txt"
|
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #25 |
| Hi! Here are the results of the logs. MWB: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.29.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bleibdoof :: BLEIBDOOF-PC [Administrator]
29.07.2012 22:17:21
mbam-log-2012-07-29 (23-13-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447891
Laufzeit: 44 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\_OTL\MovedFiles\07212012_191402\C_Users\Bleibdoof_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\51141ad8-7ab19b28 (Trojan.Agent.H) -> Keine Aktion durchgeführt.
(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/30/2012 at 10:58 PM
Application Version : 5.5.1012
Core Rules Database Version : 8981
Trace Rules Database Version: 6793
Scan type : Complete Scan
Total Scan Time : 01:54:22
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 733
Memory threats detected : 0
Registry items scanned : 71117
Registry threats detected : 0
File items scanned : 241182
File threats detected : 130
Adware.Tracking Cookie
|
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there, plus one piece of malware in the OTL quarantine, which is in good hands there and harmless as it is. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, cookies included, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
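The triage in the reply above (only tracking cookies, plus one item already sitting in the OTL quarantine folder `C:\_OTL\MovedFiles\`), as an added example that is not part of the original thread: a Python script that parses a SUPERAntiSpyware-style log, checks the parsed entries against the declared count and sorts each finding into cookie, OTL quarantine or needs review. The sample log, its user name, domains and the `Trojan.Example` label are constructed; the function and verdict names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of a SUPERAntiSpyware log; the user name,
# file names, domains and the "Trojan.Example" label are made up.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Scan type : Complete Scan
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 5
Adware.Tracking Cookie
C:\Users\alice\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /ads.example.com ]
C:\USERS\ALICE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBB2222.txt [ Cookie:alice@track.example.net/servlet/ ]
C:\USERS\ALICE\Cookies\CCCC3333.txt [ Cookie:alice@ads.example.com/ ]
Trojan.Example
C:\_OTL\MovedFiles\01012012_000000\C_Users\alice\AppData\Local\Temp\sample.tmp
C:\Users\alice\AppData\Local\Temp\dropper.exe
"""

DECLARED = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
# A finding line: a drive path, optionally followed by "[ detail ]".
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\s+\[\s*(?P<detail>.*?)\s*\])?$")
# OTL moves files it removes into this folder (path as shown in the thread).
OTL_QUARANTINE = re.compile(r"^[a-z]:\\_otl\\movedfiles\\", re.IGNORECASE)


def cookie_domain(detail):
    """Extract the host from '/host' or 'Cookie:user@host/path'."""
    host = detail.split("@", 1)[-1]
    return host.strip("/").split("/", 1)[0].lower()


def classify(category, path):
    """Sort one finding into a verdict bucket."""
    if OTL_QUARANTINE.match(path):
        return "otl-quarantine"      # already neutralised, not a live file
    if category == "Adware.Tracking Cookie" and "\\cookies\\" in path.lower():
        return "tracking-cookie"     # privacy issue, not malware
    return "review"                  # anything else needs a human look


def parse_log(text):
    """Return (declared counts, list of findings) from the log text."""
    declared, findings, category = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DECLARED.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = ENTRY.match(line)
        if m and category is not None:
            detail = m.group("detail")
            findings.append({
                "category": category,
                "path": m.group("path"),
                "domain": cookie_domain(detail) if detail else None,
                "verdict": classify(category, m.group("path")),
            })
        elif not m and "File" in declared:
            category = line          # heading such as "Adware.Tracking Cookie"
    return declared, findings


def triage(text):
    """Summarise the log: is it complete, and what is left to review?"""
    declared, findings = parse_log(text)
    cookies = [f for f in findings if f["verdict"] == "tracking-cookie"]
    return {
        # A mismatch means the pasted log was truncated or mangled.
        "complete": len(findings) == declared.get("File"),
        "verdicts": dict(Counter(f["verdict"] for f in findings)),
        "domains": Counter(f["domain"] for f in cookies),
        "review": [f["path"] for f in findings if f["verdict"] == "review"],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```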
| | #27 |
| Hi! Thanks for the tips. I will follow the advice about the hosts file and continue to have the entire browser cleared every time. I don't bookmark much anyway, and typing in the few websites I visit again and again is really no big deal. Apart from that I have not received any further alerts; everything is running without anything unusual. I do have one more question, though: I have now installed/used a huge number of programs that checked this and that (as a layman you can hardly keep track of them all). Does it make sense to keep some of them installed for regular checks (in addition to the "standard" AV program)? If so, which ones? MWB, Superantispyware, Spybot Search and Destroy... or even all of them? Best regards! |
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then we are done! The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: please start OTL and click on Bereinigung (CleanUp). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords where possible after the infection has been removed.
Microsoft update: Windows XP: visit the MS update page with IE and have all important updates installed. Windows Vista/7: Windows Update guide
Update your PDF reader: An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash player is up to date: Check => Adobe - Flash Player Download links => http://www.adobe.com/products/flashp...ribution3.html Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update: Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
| | #29 |
| Good evening! I really did not have the computer on for a week and so missed the reply! So once again, to wrap up, many thanks for the help, the advice and the tips. It is also impressive in general how many people are given help and support here at the same time - top. Donation is on its way! |
| | #30 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |