| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Polizei Cyber Crime bla bla - ÖsterreichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.09.2012, 12:51
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Polizei Cyber Crime bla bla - Österreich Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.09.2012, 21:32
| #17 |
 | Polizei Cyber Crime bla bla - Österreich Normaler Windowsstart unter User: MARK
__________________Scan ausgeführt -> Log Code:
ATTFilter 22:28:00.0973 3276 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:28:01.0176 3276 ============================================================
22:28:01.0176 3276 Current date / time: 2012/09/24 22:28:01.0176
22:28:01.0176 3276 SystemInfo:
22:28:01.0176 3276
22:28:01.0176 3276 OS Version: 6.1.7601 ServicePack: 1.0
22:28:01.0176 3276 Product type: Workstation
22:28:01.0176 3276 ComputerName: MARK-PC
22:28:01.0176 3276 UserName: Mark
22:28:01.0176 3276 Windows directory: C:\Windows
22:28:01.0176 3276 System windows directory: C:\Windows
22:28:01.0176 3276 Running under WOW64
22:28:01.0176 3276 Processor architecture: Intel x64
22:28:01.0176 3276 Number of processors: 2
22:28:01.0176 3276 Page size: 0x1000
22:28:01.0176 3276 Boot type: Normal boot
22:28:01.0176 3276 ============================================================
22:28:01.0739 3276 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
22:28:01.0759 3276 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:01.0759 3276 ============================================================
22:28:01.0759 3276 \Device\Harddisk1\DR1:
22:28:01.0759 3276 MBR partitions:
22:28:01.0759 3276 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:28:01.0759 3276 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
22:28:01.0759 3276 \Device\Harddisk0\DR0:
22:28:01.0759 3276 MBR partitions:
22:28:01.0759 3276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74708800
22:28:01.0759 3276 ============================================================
22:28:01.0769 3276 C: <-> \Device\Harddisk1\DR1\Partition2
22:28:01.0849 3276 D: <-> \Device\Harddisk0\DR0\Partition1
22:28:01.0849 3276 ============================================================
22:28:01.0849 3276 Initialize success
22:28:01.0849 3276 ============================================================
22:28:43.0449 2692 ============================================================
22:28:43.0449 2692 Scan started
22:28:43.0449 2692 Mode: Manual; SigCheck; TDLFS;
22:28:43.0449 2692 ============================================================
22:28:43.0698 2692 ================ Scan system memory ========================
22:28:43.0698 2692 System memory - ok
22:28:43.0698 2692 ================ Scan services =============================
22:28:43.0745 2692 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:28:43.0776 2692 1394ohci - ok
22:28:43.0792 2692 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:28:43.0792 2692 ACPI - ok
22:28:43.0808 2692 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:28:43.0823 2692 AcpiPmi - ok
22:28:43.0823 2692 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:28:43.0839 2692 AdobeARMservice - ok
22:28:43.0854 2692 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:28:43.0870 2692 AdobeFlashPlayerUpdateSvc - ok
22:28:43.0886 2692 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:28:43.0886 2692 adp94xx - ok
22:28:43.0901 2692 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:28:43.0917 2692 adpahci - ok
22:28:43.0917 2692 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:28:43.0932 2692 adpu320 - ok
22:28:43.0932 2692 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:28:43.0995 2692 AeLookupSvc - ok
22:28:44.0010 2692 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:28:44.0026 2692 AFD - ok
22:28:44.0026 2692 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:28:44.0026 2692 agp440 - ok
22:28:44.0042 2692 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:28:44.0057 2692 ALG - ok
22:28:44.0057 2692 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:28:44.0057 2692 aliide - ok
22:28:44.0057 2692 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:28:44.0073 2692 amdide - ok
22:28:44.0073 2692 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:28:44.0088 2692 AmdK8 - ok
22:28:44.0088 2692 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:28:44.0104 2692 AmdPPM - ok
22:28:44.0104 2692 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:28:44.0104 2692 amdsata - ok
22:28:44.0120 2692 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:28:44.0120 2692 amdsbs - ok
22:28:44.0135 2692 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:28:44.0135 2692 amdxata - ok
22:28:44.0135 2692 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:28:44.0151 2692 AntiVirSchedulerService - ok
22:28:44.0151 2692 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:28:44.0166 2692 AntiVirService - ok
22:28:44.0166 2692 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:28:44.0229 2692 AppID - ok
22:28:44.0229 2692 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:28:44.0244 2692 AppIDSvc - ok
22:28:44.0260 2692 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:28:44.0276 2692 Appinfo - ok
22:28:44.0291 2692 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:28:44.0291 2692 AppMgmt - ok
22:28:44.0307 2692 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:28:44.0307 2692 arc - ok
22:28:44.0307 2692 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:28:44.0322 2692 arcsas - ok
22:28:44.0322 2692 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:28:44.0354 2692 AsyncMac - ok
22:28:44.0354 2692 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:28:44.0369 2692 atapi - ok
22:28:44.0369 2692 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:28:44.0400 2692 AudioEndpointBuilder - ok
22:28:44.0416 2692 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:28:44.0447 2692 AudioSrv - ok
22:28:44.0447 2692 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:28:44.0463 2692 avgntflt - ok
22:28:44.0478 2692 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:28:44.0478 2692 avipbb - ok
22:28:44.0478 2692 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:28:44.0494 2692 avkmgr - ok
22:28:44.0494 2692 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:28:44.0510 2692 AxInstSV - ok
22:28:44.0525 2692 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:28:44.0525 2692 b06bdrv - ok
22:28:44.0541 2692 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:28:44.0556 2692 b57nd60a - ok
22:28:44.0556 2692 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:28:44.0572 2692 BDESVC - ok
22:28:44.0572 2692 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:28:44.0588 2692 Beep - ok
22:28:44.0619 2692 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:28:44.0650 2692 BFE - ok
22:28:44.0666 2692 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:28:44.0697 2692 BITS - ok
22:28:44.0697 2692 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:28:44.0712 2692 blbdrive - ok
22:28:44.0712 2692 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:28:44.0728 2692 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
22:28:44.0728 2692 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
22:28:44.0728 2692 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:28:44.0744 2692 bowser - ok
22:28:44.0744 2692 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:28:44.0744 2692 BrFiltLo - ok
22:28:44.0759 2692 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:28:44.0759 2692 BrFiltUp - ok
22:28:44.0775 2692 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
22:28:44.0790 2692 Browser - ok
22:28:44.0806 2692 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:28:44.0806 2692 Brserid - ok
22:28:44.0822 2692 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:28:44.0822 2692 BrSerWdm - ok
22:28:44.0837 2692 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:28:44.0837 2692 BrUsbMdm - ok
22:28:44.0853 2692 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:28:44.0853 2692 BrUsbSer - ok
22:28:44.0853 2692 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:28:44.0868 2692 BTHMODEM - ok
22:28:44.0868 2692 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:28:44.0900 2692 bthserv - ok
22:28:44.0900 2692 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:28:44.0931 2692 cdfs - ok
22:28:44.0931 2692 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:28:44.0946 2692 cdrom - ok
22:28:44.0946 2692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:28:44.0978 2692 CertPropSvc - ok
22:28:44.0978 2692 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:28:44.0993 2692 circlass - ok
22:28:44.0993 2692 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:28:45.0009 2692 CLFS - ok
22:28:45.0009 2692 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:28:45.0024 2692 clr_optimization_v2.0.50727_32 - ok
22:28:45.0024 2692 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:28:45.0040 2692 clr_optimization_v2.0.50727_64 - ok
22:28:45.0040 2692 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:28:45.0056 2692 clr_optimization_v4.0.30319_32 - ok
22:28:45.0056 2692 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:28:45.0071 2692 clr_optimization_v4.0.30319_64 - ok
22:28:45.0071 2692 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:28:45.0071 2692 CmBatt - ok
22:28:45.0087 2692 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:28:45.0087 2692 cmdide - ok
22:28:45.0102 2692 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
22:28:45.0118 2692 CNG - ok
22:28:45.0118 2692 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:28:45.0134 2692 Compbatt - ok
22:28:45.0134 2692 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:28:45.0149 2692 CompositeBus - ok
22:28:45.0149 2692 COMSysApp - ok
22:28:45.0149 2692 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:28:45.0165 2692 crcdisk - ok
22:28:45.0165 2692 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:28:45.0196 2692 CryptSvc - ok
22:28:45.0196 2692 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
22:28:45.0212 2692 CSC - ok
22:28:45.0227 2692 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
22:28:45.0243 2692 CscService - ok
22:28:45.0258 2692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:28:45.0290 2692 DcomLaunch - ok
22:28:45.0290 2692 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:28:45.0321 2692 defragsvc - ok
22:28:45.0321 2692 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:28:45.0352 2692 DfsC - ok
22:28:45.0352 2692 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
22:28:45.0352 2692 dg_ssudbus - ok
22:28:45.0368 2692 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:28:45.0399 2692 Dhcp - ok
22:28:45.0399 2692 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:28:45.0414 2692 discache - ok
22:28:45.0430 2692 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:28:45.0430 2692 Disk - ok
22:28:45.0430 2692 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
22:28:45.0446 2692 dmvsc - ok
22:28:45.0446 2692 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:28:45.0461 2692 Dnscache - ok
22:28:45.0461 2692 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:28:45.0492 2692 dot3svc - ok
22:28:45.0492 2692 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:28:45.0524 2692 DPS - ok
22:28:45.0524 2692 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:28:45.0539 2692 drmkaud - ok
22:28:45.0539 2692 [ 50AAD2A07BD8B90A8CFB4F6D7A4D165A ] DSI_SiUSBXp_3_1 C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
22:28:45.0555 2692 DSI_SiUSBXp_3_1 - ok
22:28:45.0570 2692 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:28:45.0586 2692 DXGKrnl - ok
22:28:45.0617 2692 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:28:45.0617 2692 E1G60 - ok
22:28:45.0617 2692 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:28:45.0648 2692 EapHost - ok
22:28:45.0695 2692 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:28:45.0758 2692 ebdrv - ok
22:28:45.0773 2692 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:28:45.0773 2692 EFS - ok
22:28:45.0789 2692 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:28:45.0804 2692 ehRecvr - ok
22:28:45.0820 2692 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:28:45.0820 2692 ehSched - ok
22:28:45.0836 2692 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:28:45.0851 2692 elxstor - ok
22:28:45.0851 2692 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:28:45.0851 2692 ErrDev - ok
22:28:45.0867 2692 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
22:28:45.0867 2692 esgiguard - ok
22:28:45.0882 2692 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:28:45.0914 2692 EventSystem - ok
22:28:45.0914 2692 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:28:45.0945 2692 exfat - ok
22:28:45.0945 2692 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:28:45.0976 2692 fastfat - ok
22:28:45.0992 2692 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:28:46.0007 2692 Fax - ok
22:28:46.0007 2692 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
22:28:46.0007 2692 fdc - ok
22:28:46.0023 2692 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:28:46.0038 2692 fdPHost - ok
22:28:46.0054 2692 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:28:46.0070 2692 FDResPub - ok
22:28:46.0085 2692 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:28:46.0085 2692 FileInfo - ok
22:28:46.0085 2692 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:28:46.0116 2692 Filetrace - ok
22:28:46.0132 2692 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:28:46.0132 2692 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:28:46.0132 2692 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:28:46.0148 2692 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:28:46.0148 2692 flpydisk - ok
22:28:46.0163 2692 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:28:46.0163 2692 FltMgr - ok
22:28:46.0179 2692 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:28:46.0210 2692 FontCache - ok
22:28:46.0210 2692 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:28:46.0210 2692 FontCache3.0.0.0 - ok
22:28:46.0226 2692 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:28:46.0226 2692 FsDepends - ok
22:28:46.0226 2692 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:28:46.0241 2692 Fs_Rec - ok
22:28:46.0241 2692 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:28:46.0257 2692 fvevol - ok
22:28:46.0257 2692 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:28:46.0272 2692 gagp30kx - ok
22:28:46.0272 2692 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:28:46.0272 2692 GEARAspiWDM - ok
22:28:46.0272 2692 [ 022807B149127B8FAA3DBEB13A7D9B41 ] GenericMount C:\Windows\system32\DRIVERS\GenericMount.sys
22:28:46.0288 2692 GenericMount - ok
22:28:46.0304 2692 [ 33F0619AFBA455581916B1E3DC84B109 ] GenericMount Helper Service C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
22:28:46.0335 2692 GenericMount Helper Service - ok
22:28:46.0350 2692 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:28:46.0382 2692 gpsvc - ok
22:28:46.0382 2692 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:28:46.0397 2692 gupdate - ok
22:28:46.0397 2692 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:28:46.0397 2692 gupdatem - ok
22:28:46.0413 2692 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:28:46.0413 2692 hcw85cir - ok
22:28:46.0428 2692 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:28:46.0444 2692 HdAudAddService - ok
22:28:46.0444 2692 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:28:46.0460 2692 HDAudBus - ok
22:28:46.0460 2692 [ 62FB29642745DD290910BFD79537FCE0 ] HH10Help.sys C:\Windows\system32\drivers\HH10Help.sys
22:28:46.0460 2692 HH10Help.sys - ok
22:28:46.0460 2692 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:28:46.0475 2692 HidBatt - ok
22:28:46.0475 2692 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:28:46.0491 2692 HidBth - ok
22:28:46.0491 2692 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:28:46.0506 2692 HidIr - ok
22:28:46.0506 2692 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:28:46.0538 2692 hidserv - ok
22:28:46.0538 2692 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:28:46.0553 2692 HidUsb - ok
22:28:46.0553 2692 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:28:46.0584 2692 hkmsvc - ok
22:28:46.0600 2692 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:28:46.0616 2692 HomeGroupListener - ok
22:28:46.0616 2692 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:28:46.0631 2692 HomeGroupProvider - ok
22:28:46.0631 2692 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:28:46.0631 2692 HpSAMD - ok
22:28:46.0647 2692 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:28:46.0678 2692 HTTP - ok
22:28:46.0694 2692 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:28:46.0694 2692 hwpolicy - ok
22:28:46.0694 2692 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:28:46.0709 2692 i8042prt - ok
22:28:46.0709 2692 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:28:46.0725 2692 iaStorV - ok
22:28:46.0740 2692 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:28:46.0756 2692 idsvc - ok
22:28:46.0756 2692 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:28:46.0772 2692 iirsp - ok
22:28:46.0787 2692 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:28:46.0818 2692 IKEEXT - ok
22:28:46.0818 2692 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:28:46.0834 2692 intelide - ok
22:28:46.0834 2692 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:28:46.0850 2692 intelppm - ok
22:28:46.0850 2692 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:28:46.0881 2692 IPBusEnum - ok
22:28:46.0881 2692 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:28:46.0896 2692 IpFilterDriver - ok
22:28:46.0912 2692 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:28:46.0943 2692 iphlpsvc - ok
22:28:46.0943 2692 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:28:46.0959 2692 IPMIDRV - ok
22:28:46.0959 2692 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:28:46.0990 2692 IPNAT - ok
22:28:46.0990 2692 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:28:47.0006 2692 IRENUM - ok
22:28:47.0006 2692 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:28:47.0006 2692 isapnp - ok
22:28:47.0021 2692 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:28:47.0021 2692 iScsiPrt - ok
22:28:47.0037 2692 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:28:47.0037 2692 kbdclass - ok
22:28:47.0037 2692 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:28:47.0052 2692 kbdhid - ok
22:28:47.0052 2692 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:28:47.0068 2692 KeyIso - ok
22:28:47.0068 2692 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:28:47.0068 2692 KSecDD - ok
22:28:47.0084 2692 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:28:47.0084 2692 KSecPkg - ok
22:28:47.0099 2692 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:28:47.0115 2692 ksthunk - ok
22:28:47.0130 2692 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:28:47.0162 2692 KtmRm - ok
22:28:47.0162 2692 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:28:47.0193 2692 LanmanServer - ok
22:28:47.0193 2692 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:28:47.0224 2692 LanmanWorkstation - ok
22:28:47.0255 2692 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
22:28:47.0318 2692 LiveUpdate - ok
22:28:47.0318 2692 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:28:47.0333 2692 lltdio - ok
22:28:47.0349 2692 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:28:47.0380 2692 lltdsvc - ok
22:28:47.0380 2692 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:28:47.0411 2692 lmhosts - ok
22:28:47.0411 2692 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:28:47.0411 2692 LSI_FC - ok
22:28:47.0427 2692 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:28:47.0427 2692 LSI_SAS - ok
22:28:47.0427 2692 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:28:47.0442 2692 LSI_SAS2 - ok
22:28:47.0442 2692 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:28:47.0458 2692 LSI_SCSI - ok
22:28:47.0458 2692 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:28:47.0489 2692 luafv - ok
22:28:47.0489 2692 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:28:47.0489 2692 Mcx2Svc - ok
22:28:47.0505 2692 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:28:47.0505 2692 megasas - ok
22:28:47.0520 2692 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:28:47.0520 2692 MegaSR - ok
22:28:47.0536 2692 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:28:47.0536 2692 Microsoft Office Groove Audit Service - ok
22:28:47.0536 2692 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:28:47.0567 2692 MMCSS - ok
22:28:47.0567 2692 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:28:47.0598 2692 Modem - ok
22:28:47.0614 2692 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:28:47.0614 2692 monitor - ok
22:28:47.0630 2692 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:28:47.0630 2692 mouclass - ok
22:28:47.0630 2692 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:28:47.0645 2692 mouhid - ok
22:28:47.0645 2692 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:28:47.0661 2692 mountmgr - ok
22:28:47.0661 2692 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:28:47.0661 2692 MozillaMaintenance - ok
22:28:47.0676 2692 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:28:47.0676 2692 mpio - ok
22:28:47.0692 2692 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:28:47.0708 2692 mpsdrv - ok
22:28:47.0723 2692 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:28:47.0754 2692 MpsSvc - ok
22:28:47.0754 2692 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:28:47.0770 2692 MRxDAV - ok
22:28:47.0786 2692 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:28:47.0786 2692 mrxsmb - ok
22:28:47.0801 2692 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:28:47.0801 2692 mrxsmb10 - ok
22:28:47.0817 2692 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:28:47.0817 2692 mrxsmb20 - ok
22:28:47.0817 2692 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:28:47.0832 2692 msahci - ok
22:28:47.0832 2692 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:28:47.0848 2692 msdsm - ok
22:28:47.0848 2692 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:28:47.0864 2692 MSDTC - ok
22:28:47.0864 2692 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:28:47.0895 2692 Msfs - ok
22:28:47.0895 2692 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:28:47.0926 2692 mshidkmdf - ok
22:28:47.0926 2692 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:28:47.0926 2692 msisadrv - ok
22:28:47.0942 2692 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:28:47.0957 2692 MSiSCSI - ok
22:28:47.0957 2692 msiserver - ok
22:28:47.0973 2692 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:28:47.0988 2692 MSKSSRV - ok
22:28:47.0988 2692 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:28:48.0020 2692 MSPCLOCK - ok
22:28:48.0020 2692 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:28:48.0051 2692 MSPQM - ok
22:28:48.0051 2692 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:28:48.0066 2692 MsRPC - ok
22:28:48.0066 2692 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:28:48.0082 2692 mssmbios - ok
22:28:48.0082 2692 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:28:48.0113 2692 MSTEE - ok
22:28:48.0113 2692 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:28:48.0113 2692 MTConfig - ok
22:28:48.0129 2692 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:28:48.0129 2692 MTsensor - ok
22:28:48.0129 2692 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:28:48.0144 2692 Mup - ok
22:28:48.0144 2692 [ 42AB117AB98AC93F487B2913EE4FBDD8 ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys
22:28:48.0160 2692 mv61xx - ok
22:28:48.0160 2692 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:28:48.0191 2692 napagent - ok
22:28:48.0191 2692 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:28:48.0207 2692 NativeWifiP - ok
22:28:48.0222 2692 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:28:48.0254 2692 NDIS - ok
22:28:48.0254 2692 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:28:48.0269 2692 NdisCap - ok
22:28:48.0285 2692 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:28:48.0300 2692 NdisTapi - ok
22:28:48.0300 2692 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:28:48.0332 2692 Ndisuio - ok
22:28:48.0332 2692 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:28:48.0363 2692 NdisWan - ok
22:28:48.0363 2692 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:28:48.0394 2692 NDProxy - ok
22:28:48.0394 2692 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:28:48.0425 2692 NetBIOS - ok
22:28:48.0425 2692 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:28:48.0456 2692 NetBT - ok
22:28:48.0456 2692 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:28:48.0456 2692 Netlogon - ok
22:28:48.0472 2692 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:28:48.0503 2692 Netman - ok
22:28:48.0503 2692 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:28:48.0534 2692 netprofm - ok
22:28:48.0534 2692 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:28:48.0550 2692 NetTcpPortSharing - ok
22:28:48.0550 2692 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:28:48.0566 2692 nfrd960 - ok
22:28:48.0566 2692 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:28:48.0597 2692 NlaSvc - ok
22:28:48.0659 2692 [ 4AD196A3CFA4D546068E24477A720948 ] Norton Ghost C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
22:28:48.0706 2692 Norton Ghost - ok
22:28:48.0722 2692 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:28:48.0737 2692 Npfs - ok
22:28:48.0737 2692 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:28:48.0768 2692 nsi - ok
22:28:48.0768 2692 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:28:48.0800 2692 nsiproxy - ok
22:28:48.0815 2692 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:28:48.0862 2692 Ntfs - ok
22:28:48.0862 2692 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:28:48.0878 2692 Null - ok
22:28:49.0065 2692 [ B34E9BFBD9C61048EF6281C3E7EC210A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:28:49.0205 2692 nvlddmkm - ok
22:28:49.0205 2692 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:28:49.0221 2692 nvraid - ok
22:28:49.0221 2692 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:28:49.0236 2692 nvstor - ok
22:28:49.0252 2692 [ DFDA089BB2CD0FF7E789E2EF6BA1E4BA ] nvsvc C:\Windows\system32\nvvsvc.exe
22:28:49.0268 2692 nvsvc - ok
22:28:49.0299 2692 [ E7818CD4FB51284C948D68A7A85A69B8 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:28:49.0330 2692 nvUpdatusService - ok
22:28:49.0330 2692 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:28:49.0346 2692 nv_agp - ok
22:28:49.0346 2692 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:28:49.0361 2692 odserv - ok
22:28:49.0361 2692 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:28:49.0377 2692 ohci1394 - ok
22:28:49.0377 2692 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:28:49.0392 2692 ose - ok
22:28:49.0424 2692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:28:49.0455 2692 p2pimsvc - ok
22:28:49.0470 2692 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:28:49.0486 2692 p2psvc - ok
22:28:49.0502 2692 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:28:49.0502 2692 Parport - ok
22:28:49.0502 2692 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:28:49.0517 2692 partmgr - ok
22:28:49.0517 2692 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:28:49.0533 2692 PcaSvc - ok
22:28:49.0548 2692 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:28:49.0548 2692 pci - ok
22:28:49.0548 2692 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:28:49.0564 2692 pciide - ok
22:28:49.0564 2692 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:28:49.0580 2692 pcmcia - ok
22:28:49.0595 2692 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:28:49.0595 2692 pcw - ok
22:28:49.0611 2692 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:28:49.0642 2692 PEAUTH - ok
22:28:49.0673 2692 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:28:49.0689 2692 PeerDistSvc - ok
22:28:49.0720 2692 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:28:49.0736 2692 PerfHost - ok
22:28:49.0751 2692 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:28:49.0798 2692 pla - ok
22:28:49.0798 2692 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:28:49.0814 2692 PlugPlay - ok
22:28:49.0829 2692 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:28:49.0829 2692 PNRPAutoReg - ok
22:28:49.0845 2692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:28:49.0845 2692 PNRPsvc - ok
22:28:49.0860 2692 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:28:49.0892 2692 PolicyAgent - ok
22:28:49.0892 2692 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:28:49.0923 2692 Power - ok
22:28:49.0923 2692 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:28:49.0954 2692 PptpMiniport - ok
22:28:49.0954 2692 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:28:49.0970 2692 Processor - ok
22:28:49.0970 2692 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
22:28:50.0001 2692 ProfSvc - ok
22:28:50.0001 2692 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:28:50.0016 2692 ProtectedStorage - ok
22:28:50.0016 2692 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:28:50.0032 2692 Psched - ok
22:28:50.0063 2692 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:28:50.0094 2692 ql2300 - ok
22:28:50.0094 2692 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:28:50.0110 2692 ql40xx - ok
22:28:50.0110 2692 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:28:50.0126 2692 QWAVE - ok
22:28:50.0126 2692 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:28:50.0141 2692 QWAVEdrv - ok
22:28:50.0141 2692 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:28:50.0172 2692 RasAcd - ok
22:28:50.0172 2692 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:28:50.0204 2692 RasAgileVpn - ok
22:28:50.0204 2692 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:28:50.0235 2692 RasAuto - ok
22:28:50.0235 2692 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:28:50.0266 2692 Rasl2tp - ok
22:28:50.0266 2692 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:28:50.0297 2692 RasMan - ok
22:28:50.0297 2692 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:28:50.0328 2692 RasPppoe - ok
22:28:50.0328 2692 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:28:50.0360 2692 RasSstp - ok
22:28:50.0360 2692 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:28:50.0391 2692 rdbss - ok
22:28:50.0391 2692 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:28:50.0406 2692 rdpbus - ok
22:28:50.0406 2692 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:28:50.0422 2692 RDPCDD - ok
22:28:50.0438 2692 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:28:50.0438 2692 RDPDR - ok
22:28:50.0453 2692 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:28:50.0469 2692 RDPENCDD - ok
22:28:50.0469 2692 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:28:50.0500 2692 RDPREFMP - ok
22:28:50.0500 2692 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:28:50.0516 2692 RdpVideoMiniport - ok
22:28:50.0516 2692 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:28:50.0547 2692 RDPWD - ok
22:28:50.0547 2692 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:28:50.0562 2692 rdyboost - ok
22:28:50.0562 2692 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:28:50.0594 2692 RemoteAccess - ok
22:28:50.0609 2692 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:28:50.0640 2692 RemoteRegistry - ok
22:28:50.0640 2692 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:28:50.0672 2692 RpcEptMapper - ok
22:28:50.0672 2692 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:28:50.0687 2692 RpcLocator - ok
22:28:50.0687 2692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:28:50.0718 2692 RpcSs - ok
22:28:50.0718 2692 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:28:50.0750 2692 rspndr - ok
22:28:50.0750 2692 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:28:50.0765 2692 s3cap - ok
22:28:50.0765 2692 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:28:50.0765 2692 SamSs - ok
22:28:50.0781 2692 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:28:50.0781 2692 sbp2port - ok
22:28:50.0781 2692 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:28:50.0812 2692 SCardSvr - ok
22:28:50.0812 2692 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:28:50.0843 2692 scfilter - ok
22:28:50.0859 2692 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:28:50.0890 2692 Schedule - ok
22:28:50.0906 2692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:28:50.0921 2692 SCPolicySvc - ok
22:28:50.0921 2692 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:28:50.0937 2692 SDRSVC - ok
22:28:50.0937 2692 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:28:50.0968 2692 secdrv - ok
22:28:50.0968 2692 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:28:50.0999 2692 seclogon - ok
22:28:50.0999 2692 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:28:51.0030 2692 SENS - ok
22:28:51.0030 2692 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:28:51.0030 2692 SensrSvc - ok
22:28:51.0046 2692 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:28:51.0046 2692 Serenum - ok
22:28:51.0046 2692 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:28:51.0062 2692 Serial - ok
22:28:51.0062 2692 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:28:51.0077 2692 sermouse - ok
22:28:51.0077 2692 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:28:51.0108 2692 SessionEnv - ok
22:28:51.0108 2692 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:28:51.0124 2692 sffdisk - ok
22:28:51.0124 2692 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:28:51.0140 2692 sffp_mmc - ok
22:28:51.0140 2692 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:28:51.0155 2692 sffp_sd - ok
22:28:51.0155 2692 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:28:51.0171 2692 sfloppy - ok
22:28:51.0171 2692 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:28:51.0202 2692 SharedAccess - ok
22:28:51.0202 2692 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:28:51.0233 2692 ShellHWDetection - ok
22:28:51.0233 2692 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:28:51.0249 2692 SiSRaid2 - ok
22:28:51.0249 2692 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:28:51.0249 2692 SiSRaid4 - ok
22:28:51.0264 2692 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:28:51.0280 2692 Smb - ok
22:28:51.0296 2692 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:28:51.0296 2692 SNMPTRAP - ok
22:28:51.0311 2692 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:28:51.0311 2692 spldr - ok
22:28:51.0327 2692 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
22:28:51.0342 2692 Spooler - ok
22:28:51.0405 2692 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:28:51.0452 2692 sppsvc - ok
22:28:51.0467 2692 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:28:51.0483 2692 sppuinotify - ok
22:28:51.0498 2692 [ 2ED464C8CBC399E69FBF776A8EBC3302 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
22:28:51.0514 2692 SpyHunter 4 Service - ok
22:28:51.0530 2692 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:28:51.0545 2692 srv - ok
22:28:51.0545 2692 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:28:51.0561 2692 srv2 - ok
22:28:51.0561 2692 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:28:51.0576 2692 srvnet - ok
22:28:51.0576 2692 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:28:51.0608 2692 SSDPSRV - ok
22:28:51.0623 2692 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:28:51.0639 2692 SstpSvc - ok
22:28:51.0654 2692 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
22:28:51.0654 2692 ssudmdm - ok
22:28:51.0654 2692 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:28:51.0670 2692 stexstor - ok
22:28:51.0670 2692 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:28:51.0701 2692 stisvc - ok
22:28:51.0701 2692 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:28:51.0701 2692 storflt - ok
22:28:51.0717 2692 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:28:51.0717 2692 StorSvc - ok
22:28:51.0732 2692 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:28:51.0732 2692 storvsc - ok
22:28:51.0732 2692 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:28:51.0748 2692 swenum - ok
22:28:51.0748 2692 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:28:51.0779 2692 swprv - ok
22:28:51.0795 2692 Symantec SymSnap VSS Provider - ok
22:28:51.0795 2692 [ 2D9B2746F7DEA46D1572B84A06311566 ] symsnap C:\Windows\system32\DRIVERS\symsnap.sys
22:28:51.0795 2692 symsnap - ok
22:28:51.0842 2692 [ EA1A479651CA2E0409C29D586C91901D ] SymSnapService C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
22:28:51.0888 2692 SymSnapService - ok
22:28:51.0904 2692 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
22:28:51.0904 2692 Synth3dVsc - ok
22:28:51.0935 2692 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:28:51.0966 2692 SysMain - ok
22:28:51.0966 2692 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:28:51.0982 2692 TabletInputService - ok
22:28:51.0998 2692 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:28:52.0013 2692 TapiSrv - ok
22:28:52.0029 2692 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:28:52.0044 2692 TBS - ok
22:28:52.0076 2692 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:28:52.0107 2692 Tcpip - ok
22:28:52.0138 2692 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:28:52.0169 2692 TCPIP6 - ok
22:28:52.0169 2692 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:28:52.0185 2692 tcpipreg - ok
22:28:52.0200 2692 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:28:52.0216 2692 TDPIPE - ok
22:28:52.0232 2692 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:28:52.0247 2692 TDTCP - ok
22:28:52.0247 2692 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:28:52.0278 2692 tdx - ok
22:28:52.0278 2692 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:28:52.0294 2692 TermDD - ok
22:28:52.0294 2692 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
22:28:52.0310 2692 terminpt - ok
22:28:52.0310 2692 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:28:52.0341 2692 TermService - ok
22:28:52.0356 2692 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:28:52.0356 2692 Themes - ok
22:28:52.0372 2692 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:28:52.0388 2692 THREADORDER - ok
22:28:52.0403 2692 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:28:52.0419 2692 TrkWks - ok
22:28:52.0434 2692 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:28:52.0450 2692 TrustedInstaller - ok
22:28:52.0466 2692 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:28:52.0481 2692 tssecsrv - ok
22:28:52.0481 2692 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:28:52.0497 2692 TsUsbFlt - ok
22:28:52.0497 2692 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:28:52.0512 2692 TsUsbGD - ok
22:28:52.0512 2692 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
22:28:52.0528 2692 tsusbhub - ok
22:28:52.0528 2692 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:28:52.0544 2692 tunnel - ok
22:28:52.0559 2692 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:28:52.0559 2692 uagp35 - ok
22:28:52.0575 2692 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:28:52.0590 2692 udfs - ok
22:28:52.0606 2692 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:28:52.0622 2692 UI0Detect - ok
22:28:52.0622 2692 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:28:52.0637 2692 uliagpkx - ok
22:28:52.0637 2692 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:28:52.0637 2692 umbus - ok
22:28:52.0653 2692 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:28:52.0653 2692 UmPass - ok
22:28:52.0668 2692 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:28:52.0668 2692 UmRdpService - ok
22:28:52.0684 2692 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:28:52.0715 2692 upnphost - ok
22:28:52.0715 2692 [ 6C2722BE0F364A712EAE2D044D154AFA ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA64.sys
22:28:52.0731 2692 USB28xxBGA - ok
22:28:52.0746 2692 [ A6B0331E9C839F6A671FC240D5027DBD ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM64.sys
22:28:52.0762 2692 USB28xxOEM - ok
22:28:52.0762 2692 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:28:52.0778 2692 usbaudio - ok
22:28:52.0778 2692 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:28:52.0793 2692 usbccgp - ok
22:28:52.0793 2692 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:28:52.0809 2692 usbcir - ok
22:28:52.0809 2692 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:28:52.0824 2692 usbehci - ok
22:28:52.0824 2692 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:28:52.0840 2692 usbhub - ok
22:28:52.0840 2692 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:28:52.0856 2692 usbohci - ok
22:28:52.0856 2692 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:28:52.0871 2692 usbprint - ok
22:28:52.0871 2692 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:28:52.0871 2692 USBSTOR - ok
22:28:52.0887 2692 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:28:52.0887 2692 usbuhci - ok
22:28:52.0902 2692 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:28:52.0918 2692 UxSms - ok
22:28:52.0918 2692 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:28:52.0934 2692 VaultSvc - ok
22:28:52.0934 2692 [ 30CCEB1007F68D3EB80D4751D2A6BA86 ] VC10SecS C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
22:28:52.0949 2692 VC10SecS - ok
22:28:52.0949 2692 [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6 ] vcd10bus C:\Windows\system32\DRIVERS\vcd10bus.sys
22:28:52.0949 2692 vcd10bus - ok
22:28:52.0965 2692 Suspicious service (NoAccess): vdrv1000
22:28:52.0965 2692 [ 1AC97D99886D17004FF97823331CC9D6 ] vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys
22:28:52.0965 2692 vdrv1000 ( LockedService.Multi.Generic ) - warning
22:28:52.0965 2692 vdrv1000 - detected LockedService.Multi.Generic (1)
22:28:52.0965 2692 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:28:52.0980 2692 vdrvroot - ok
22:28:52.0980 2692 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:28:53.0012 2692 vds - ok
22:28:53.0012 2692 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:28:53.0027 2692 vga - ok
22:28:53.0027 2692 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:28:53.0058 2692 VgaSave - ok
22:28:53.0058 2692 VGPU - ok
22:28:53.0058 2692 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:28:53.0074 2692 vhdmp - ok
22:28:53.0074 2692 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:28:53.0090 2692 viaide - ok
22:28:53.0090 2692 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:28:53.0105 2692 vmbus - ok
22:28:53.0105 2692 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:28:53.0105 2692 VMBusHID - ok
22:28:53.0121 2692 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:28:53.0121 2692 volmgr - ok
22:28:53.0136 2692 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:28:53.0136 2692 volmgrx - ok
22:28:53.0152 2692 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:28:53.0152 2692 volsnap - ok
22:28:53.0168 2692 [ 8B7454930230DB4BC4BA35A467BE09AA ] VProEventMonitor C:\Windows\system32\DRIVERS\vproeventmonitor.sys
22:28:53.0168 2692 VProEventMonitor - ok
22:28:53.0168 2692 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:28:53.0183 2692 vsmraid - ok
22:28:53.0199 2692 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:28:53.0246 2692 VSS - ok
22:28:53.0246 2692 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:28:53.0261 2692 vwifibus - ok
22:28:53.0277 2692 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:28:53.0308 2692 W32Time - ok
22:28:53.0308 2692 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:28:53.0308 2692 WacomPen - ok
22:28:53.0324 2692 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:28:53.0339 2692 WANARP - ok
22:28:53.0339 2692 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:28:53.0370 2692 Wanarpv6 - ok
22:28:53.0386 2692 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:28:53.0417 2692 WatAdminSvc - ok
22:28:53.0433 2692 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:28:53.0464 2692 wbengine - ok
22:28:53.0480 2692 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:28:53.0480 2692 WbioSrvc - ok
22:28:53.0495 2692 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:28:53.0511 2692 wcncsvc - ok
22:28:53.0511 2692 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:28:53.0526 2692 WcsPlugInService - ok
22:28:53.0526 2692 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:28:53.0542 2692 Wd - ok
22:28:53.0542 2692 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:28:53.0573 2692 Wdf01000 - ok
22:28:53.0573 2692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:28:53.0604 2692 WdiServiceHost - ok
22:28:53.0604 2692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:28:53.0620 2692 WdiSystemHost - ok
22:28:53.0636 2692 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:28:53.0651 2692 WebClient - ok
22:28:53.0651 2692 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:28:53.0682 2692 Wecsvc - ok
22:28:53.0682 2692 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:28:53.0714 2692 wercplsupport - ok
22:28:53.0714 2692 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:28:53.0745 2692 WerSvc - ok
22:28:53.0745 2692 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:28:53.0760 2692 WfpLwf - ok
22:28:53.0776 2692 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:28:53.0776 2692 WimFltr - ok
22:28:53.0792 2692 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:28:53.0792 2692 WIMMount - ok
22:28:53.0792 2692 WinDefend - ok
22:28:53.0792 2692 WinHttpAutoProxySvc - ok
22:28:53.0807 2692 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:28:53.0838 2692 Winmgmt - ok
22:28:53.0870 2692 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:28:53.0916 2692 WinRM - ok
22:28:53.0916 2692 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:28:53.0932 2692 WinUsb - ok
22:28:53.0948 2692 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:28:53.0963 2692 Wlansvc - ok
22:28:53.0979 2692 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
22:28:53.0979 2692 WmBEnum - ok
22:28:53.0979 2692 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
22:28:53.0994 2692 WmFilter - ok
22:28:53.0994 2692 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
22:28:53.0994 2692 WmHidLo - ok
22:28:53.0994 2692 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:28:54.0010 2692 WmiAcpi - ok
22:28:54.0010 2692 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:28:54.0026 2692 wmiApSrv - ok
22:28:54.0026 2692 WMPNetworkSvc - ok
22:28:54.0041 2692 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
22:28:54.0041 2692 WmVirHid - ok
22:28:54.0041 2692 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
22:28:54.0041 2692 WmXlCore - ok
22:28:54.0057 2692 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:28:54.0057 2692 WPCSvc - ok
22:28:54.0072 2692 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:28:54.0072 2692 WPDBusEnum - ok
22:28:54.0088 2692 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:28:54.0104 2692 ws2ifsl - ok
22:28:54.0104 2692 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:28:54.0119 2692 wscsvc - ok
22:28:54.0119 2692 WSearch - ok
22:28:54.0166 2692 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:28:54.0213 2692 wuauserv - ok
22:28:54.0213 2692 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:28:54.0244 2692 WudfPf - ok
22:28:54.0244 2692 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:28:54.0275 2692 WUDFRd - ok
22:28:54.0275 2692 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:28:54.0291 2692 wudfsvc - ok
22:28:54.0306 2692 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:28:54.0322 2692 WwanSvc - ok
22:28:54.0322 2692 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
22:28:54.0338 2692 yukonw7 - ok
22:28:54.0353 2692 ================ Scan global ===============================
22:28:54.0353 2692 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:28:54.0353 2692 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:28:54.0369 2692 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:28:54.0369 2692 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:28:54.0384 2692 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:28:54.0384 2692 [Global] - ok
22:28:54.0384 2692 ================ Scan MBR ==================================
22:28:54.0384 2692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:28:54.0462 2692 \Device\Harddisk1\DR1 - ok
22:28:54.0494 2692 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:28:54.0743 2692 \Device\Harddisk0\DR0 - ok
22:28:54.0743 2692 ================ Scan VBR ==================================
22:28:54.0743 2692 [ A0DC57DAA0E5AF9CBEC061353A7B257E ] \Device\Harddisk1\DR1\Partition1
22:28:54.0743 2692 \Device\Harddisk1\DR1\Partition1 - ok
22:28:54.0743 2692 [ 05AB4E1F3D5693D7CF518291623941BE ] \Device\Harddisk1\DR1\Partition2
22:28:54.0759 2692 \Device\Harddisk1\DR1\Partition2 - ok
22:28:54.0759 2692 [ 2BD9B8B4BC6B7AF093511B8852DF8247 ] \Device\Harddisk0\DR0\Partition1
22:28:54.0759 2692 \Device\Harddisk0\DR0\Partition1 - ok
22:28:54.0759 2692 ============================================================
22:28:54.0759 2692 Scan finished
22:28:54.0759 2692 ============================================================
22:28:54.0759 1900 Detected object count: 3
22:28:54.0759 1900 Actual detected object count: 3
22:29:12.0730 1900 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:12.0730 1900 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:12.0730 1900 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:12.0730 1900 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:12.0730 1900 vdrv1000 ( LockedService.Multi.Generic ) - skipped by user
22:29:12.0730 1900 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip
Grüße Mark |
|
25.09.2012, 10:59
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - Österreich Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
25.09.2012, 22:21
| #19 |
| | Polizei Cyber Crime bla bla - Österreich ComboFix durchgeführt. Combofix Logfile: Code:
ATTFilter ComboFix 12-09-24.03 - Mark 25.09.2012 23:08:16.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.43.1031.18.4095.3137 [GMT 2:00]
ausgeführt von:: c:\users\Mark\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\FFSJ
c:\users\Administrator\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-25 bis 2012-09-25 ))))))))))))))))))))))))))))))
.
.
2012-09-25 21:11 . 2012-09-25 21:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-23 18:09 . 2012-09-23 18:09 -------- d-----w- C:\_OTL
2012-09-21 10:06 . 2012-09-21 10:06 -------- d-----w- c:\program files (x86)\ESET
2012-09-20 19:53 . 2012-09-20 19:53 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-09-20 19:53 . 2012-09-20 19:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-20 19:53 . 2012-09-20 19:53 -------- d-----w- c:\programdata\Malwarebytes
2012-09-20 19:53 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 18:35 . 2012-09-20 18:35 -------- d-----w- C:\sh4ldr
2012-09-20 18:35 . 2012-09-20 18:35 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-20 18:35 . 2012-09-20 18:35 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-20 18:35 . 2012-09-20 18:35 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-20 18:35 . 2012-09-20 18:35 -------- d-----w- c:\program files\Enigma Software Group
2012-09-20 18:22 . 2012-09-20 18:22 -------- d-----w- c:\users\Mark\AppData\Local\Macromedia
2012-09-17 20:06 . 2012-09-18 23:02 -------- d-----w- c:\users\Administrator\AppData\Local\PMB Files
2012-09-17 20:06 . 2012-09-17 20:06 -------- d-----w- c:\programdata\PMB Files
2012-09-17 20:05 . 2012-09-17 20:05 -------- d-----w- c:\program files (x86)\Pando Networks
2012-09-16 21:22 . 2012-09-16 21:22 -------- d-----w- c:\program files (x86)\GOG.com
2012-09-16 16:51 . 2012-09-16 16:51 -------- d-----w- c:\windows\system32\appmgmt
2012-09-02 18:20 . 2012-09-02 18:20 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 10:55 . 2012-09-02 10:55 -------- d-----w- c:\programdata\McAfee
2012-09-01 15:58 . 2012-09-01 16:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Summer Challenge
2012-09-01 15:19 . 2012-09-01 15:23 -------- d-----w- c:\program files (x86)\Summer Challenge
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 15:42 . 2011-10-20 17:15 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 15:42 . 2002-01-03 10:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 18:20 . 2011-11-21 17:48 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-05 20:06 . 2012-07-15 12:15 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2011-12-05 18:51 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2010-06-17 411464]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2009-10-01 2596712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-11 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 250568]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-20 1255736]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2010-05-21 223256]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2010-06-17 144712]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-21 2963960]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2002-01-03 15:42]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 08:31]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 08:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://orf.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\d64g7yzn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Gothic - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-25 23:15:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-25 21:15
.
Vor Suchlauf: 17 Verzeichnis(se), 10.026.549.248 Bytes frei
Nach Suchlauf: 9.236.254.720 Bytes frei
.
- - End Of File - - 00CE1F5AC27408189583CEBACF6586E5
|
|
26.09.2012, 14:11
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - ÖsterreichCode:
ATTFilter Microsoft Windows 7 Enterprise 6.1.7601.1.1252.43.1031.18.4095.3137 [GMT 2:00]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.09.2012, 14:49
| #21 |
| | Polizei Cyber Crime bla bla - Österreich Warum eigentlich eine Enterprise Edition? Woher hast du die? Warum nicht? Alles unter Prof. kannst im Netzwerkbetrieb ja eh vergessen, Und durch das MSDN-Abo war halt die Enterprise vorhanden. Um nochmal auf eine meiner Fragen zurückzukommen die du mir leider noch nicht beantwortet hast: Gibt es aufgrund des Trojaners Risiken für diverse Passwörter oder nicht? (Wäre doch ein beträchtlicher Aufwand alle zu ändern!) |
|
26.09.2012, 16:13
| #22 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - ÖsterreichZitat:
 Ist jetzt twar nicht unbedingt das Thema, aber was bitte kansnst du mit einer HomeEdition vergessen im Netzwerk? Wer brauchst privat das Domänenfeature?  Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.09.2012, 17:30
| #23 |
| | Polizei Cyber Crime bla bla - Österreich Hi, für Home-User die in ihrem "Netzwerk" gerade mal einen Router, einen Drucker und 2-3 Clients betreiben mag ja die Home-Edt. ausreichend sein aber da ich auch Linuxserver betreibe kommt bei mir halt nur etwas ab Prof. in Frage um mich an dem DC anzumelden. Ausserdem gibt es noch einige alte Spielchen und Tools die den XP-Mode benötigen. (bin ja eigentlich in der Linux-Welt zu Hause, aber zum Spielen kommt man an Win einfach nicht vorbei) Aber wie du richtig geschrieben hast gehört dies hier nicht hin! Wie gehts nun weiter? lg mark |
|
27.09.2012, 11:57
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - ÖsterreichZitat:
 Enterprise bzw. Professional Edition nur durch den Betrieb eines Linuxservers zu begründen ist so irgendwie auch ein wenig schräg und nicht nachvollziehbar  Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2012, 19:33
| #25 |
| | Polizei Cyber Crime bla bla - Österreich Hallo, alle scans ohne Probleme durchgeführt. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-27 20:19:53
Windows 6.1.7601 Service Pack 1
Running: hir8zrrz.exe
---- Services - GMER 1.0.15 ----
Service system32\DRIVERS\vdrv1000.sys (*** hidden *** ) [SYSTEM] vdrv1000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag 65
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag 65
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@0 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OSAM-Log Code:
ATTFilter OSAM Logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 20:24:51
-----------------------------
20:24:51.945 OS Version: Windows x64 6.1.7601 Service Pack 1
20:24:51.945 Number of processors: 2 586 0x1706
20:24:51.945 ComputerName: MARK-PC UserName: Mark
20:24:52.211 Initialize success
20:27:32.278 AVAST engine defs: 12092700
20:27:37.770 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:27:37.770 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
20:27:37.770 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv61xx1Port1Path0Target0Lun0
20:27:37.770 Disk 1 Vendor: PLEXTOR_ Size: 122104MB BusType: 8
20:27:37.770 Disk 1 MBR read successfully
20:27:37.770 Disk 1 MBR scan
20:27:37.785 Disk 1 Windows 7 default MBR code
20:27:37.785 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:27:37.785 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
20:27:37.801 Disk 1 scanning C:\Windows\system32\drivers
20:27:40.702 Service scanning
20:27:46.443 Service vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys **LOCKED**
20:27:47.816 Modules scanning
20:27:47.816 Disk 1 trace - called modules:
20:27:47.832 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv61xx.sys
20:27:47.832 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004cc5060]
20:27:47.832 3 CLASSPNP.SYS[fffff88001b7843f] -> nt!IofCallDriver -> \Device\Scsi\mv61xx1Port1Path0Target0Lun0[0xfffffa8003c20050]
20:27:48.159 AVAST engine scan C:\Windows
20:27:48.814 AVAST engine scan C:\Windows\system32
20:28:52.634 AVAST engine scan C:\Windows\system32\drivers
20:28:56.082 AVAST engine scan C:\Users\Mark
20:29:02.977 AVAST engine scan C:\ProgramData
20:29:07.797 Scan finished successfully
20:29:23.897 Disk 1 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
20:29:23.897 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
|
|
27.09.2012, 20:52
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - Österreich Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.09.2012, 14:09
| #27 |
| | Polizei Cyber Crime bla bla - Österreich Hi, beide Scans durchgeführt! mbam-log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.28.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mark :: MARK-PC [Administrator] 28.09.2012 13:37:15 mbam-log-2012-09-28 (15-05-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 373239 Laufzeit: 9 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\_OTL\MovedFiles\09232012_200951\C_Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\62abefef-626fe813 (Trojan.Ransom) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/28/2012 at 03:32 AM
Application Version : 5.5.1022
Core Rules Database Version : 9305
Trace Rules Database Version: 7117
Scan type : Complete Scan
Total Scan Time : 02:19:33
Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 67395
Registry threats detected : 0
File items scanned : 141395
File threats detected : 334
Adware.Tracking Cookie
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\L0F9H6J1.txt [ /ad4.adfarm1.adition.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\94A0K9S4.txt [ /casalemedia.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\HPQWTG17.txt [ /histats.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\GGYE9GF2.txt [ /zanox.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\J4ASPVNB.txt [ /doubleclick.net ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\45BDUK6C.txt [ /adtech.de ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\097S6A32.txt [ /ad.360yield.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\G13IVILB.txt [ /adbrite.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\R4ABYKFD.txt [ /questionmarket.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\08PCOV1F.txt [ /ad.zanox.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\FK8S5XAG.txt [ /rts.pgmediaserve.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\N40CR2VS.txt [ /serving-sys.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\C6UKUJVY.txt [ /mm.chitika.net ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\4AARXTFL.txt [ /tracker.vinsight.de ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\SJY92M0B.txt [ /zedo.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\1SXPBARO.txt [ /ad.yieldmanager.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\4GHPO574.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\T0JYFOO3.txt [ /revsci.net ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\H608HXST.txt [ /mediaplex.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\9PWWG5R7.txt [ /adfarm1.adition.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\V13V1ZM1.txt [ /c.atdmt.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\EZEWY2U6.txt [ /ads.creative-serving.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\H2ZC6RH4.txt [ /adx.chip.de ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\V1O6QIRV.txt [ /webmasterplan.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\A51V8QO2.txt [ /adx2.chip.de ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\HHB1P706.txt [ /fastclick.net ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\8CPEL4K3.txt [ /tradedoubler.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\7YCFU0MW.txt [ /apmebf.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\ILUAHDIK.txt [ /ad.ad-srv.net ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\IFVPHFRX.txt [ /invitemedia.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\O765R8O2.txt [ /ad3.adfarm1.adition.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\T9RRE486.txt [ /www.zanox-affiliate.de ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\HN8T2F41.txt [ /tracking.quisma.com ]
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\XAYSPW5D.txt [ /atdmt.com ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\JQ9I5EHQ.txt [ Cookie:administrator@apmebf.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\9UIKBX6Y.txt [ Cookie:administrator@atdmt.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\JICY1Z1E.txt [ Cookie:administrator@ero-advertising.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\6G5L4O1X.txt [ Cookie:administrator@adtech.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\DNNWLYMK.txt [ Cookie:administrator@adviva.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\QEOK41OH.txt [ Cookie:administrator@tradedoubler.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\GFCABZV0.txt [ Cookie:administrator@partypoker.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\VWJ37A53.txt [ Cookie:administrator@xm.xtendmedia.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\K4UBFBN1.txt [ Cookie:administrator@paypal.112.2o7.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\FMACJI50.txt [ Cookie:administrator@ru4.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\C1WV3FU0.txt [ Cookie:administrator@amazon-adsystem.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\Z1ER5UD4.txt [ Cookie:administrator@ad3.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\7A3I9BLH.txt [ Cookie:administrator@partners.webmasterplan.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\J8R29ZDN.txt [ Cookie:administrator@specificclick.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\D0KBUHOD.txt [ Cookie:administrator@ad4.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\S8731703.txt [ Cookie:administrator@revsci.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\RBBW711J.txt [ Cookie:administrator@webmasterplan.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\XS1A4PNP.txt [ Cookie:administrator@ad.zanox.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\DUANQYHX.txt [ Cookie:administrator@tracking.quisma.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\AM6IW8FS.txt [ Cookie:administrator@tacoda.at.atwola.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\93TWPN45.txt [ Cookie:administrator@eas4.emediate.eu/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\61PA6IX0.txt [ Cookie:administrator@yadro.ru/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\YAZU6S3X.txt [ Cookie:administrator@at.atwola.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\ZB8TGV5S.txt [ Cookie:administrator@tomtailor.dyntracker.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\3CJT59AC.txt [ Cookie:administrator@ad.piximedia.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\40QMA4WB.txt [ Cookie:administrator@adultfriendfinder.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\VRQUP0BU.txt [ Cookie:administrator@adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\QTX4OURT.txt [ Cookie:administrator@ad2.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\6MKKO6RV.txt [ Cookie:administrator@track.effiliation.com/servlet/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\AAPMXAGA.txt [ Cookie:administrator@im.banner.t-online.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\C32CA2WR.txt [ Cookie:administrator@content.yieldmanager.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\TKJCVAMK.txt [ Cookie:administrator@atwola.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\2RA1A1N0.txt [ Cookie:administrator@butlers.traffective-tracking.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\W5UZVB1I.txt [ Cookie:administrator@doubleclick.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\FFRRAXMN.txt [ Cookie:administrator@questionmarket.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\0239GQ7R.txt [ Cookie:administrator@serving-sys.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\WVOH3L3Y.txt [ Cookie:administrator@tracking.mindshare.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\K11KYX0A.txt [ Cookie:administrator@ad.adserver01.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\EJC2WTAC.txt [ Cookie:administrator@account.frogster-online.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\3OWNCUUG.txt [ Cookie:administrator@conrad.122.2o7.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\1W0ZM1JL.txt [ Cookie:administrator@fastclick.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\0SDWJF3H.txt [ Cookie:administrator@mediaplex.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\GJUH2UPC.txt [ Cookie:administrator@e-2dj6wflokodzcho.stats.esomniture.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\JXYA10I4.txt [ Cookie:administrator@www.zanox-affiliate.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\4MDRC40H.txt [ Cookie:administrator@ads.crakmedia.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\SPIPCYI5.txt [ Cookie:administrator@ar.atwola.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\25XZYM47.txt [ Cookie:administrator@zedo.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\JQEFASRG.txt [ Cookie:administrator@ad.yieldmanager.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\YPUBJYT3.txt [ Cookie:administrator@www.remedia.biz/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\PSZ1EAZH.txt [ Cookie:administrator@de.partypoker.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\LNJHO3WU.txt [ Cookie:administrator@track.effiliation.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\KQ3WKFKG.txt [ Cookie:administrator@track.adform.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\9FRZ1O4Q.txt [ Cookie:administrator@smartadserver.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\C5T3MZWO.txt [ Cookie:administrator@rts.pgmediaserve.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\SM70Y1HW.txt [ Cookie:administrator@adform.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\XAYU7JWP.txt [ Cookie:administrator@banner.electronic4you.at/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\ZINUR252.txt [ Cookie:administrator@openx.sexsearch.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\79VXIMLR.txt [ Cookie:administrator@fl01.ct2.comclick.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\2UTN9XHW.txt [ Cookie:administrator@media6degrees.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\JI2CVT5D.txt [ Cookie:administrator@adserver.adtechus.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\3KHW6BAM.txt [ Cookie:administrator@xiti.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\OPZQD3QI.txt [ Cookie:administrator@www.googleadservices.com/pagead/conversion/1014923382/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\EB4QQL8V.txt [ Cookie:administrator@adbrite.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\8Y7JO32F.txt [ Cookie:administrator@www.etracker.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\MDMREMT1.txt [ Cookie:administrator@e-2dj6wfkokgcpkhq.stats.esomniture.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\WVPFU82B.txt [ Cookie:administrator@ads2.zeusclicks.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\4HSE04FV.txt [ Cookie:administrator@autoscout24.112.2o7.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\2V7LMQWA.txt [ Cookie:administrator@2o7.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\55PNHBHZ.txt [ Cookie:administrator@www.mediamarkt.at/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\25XWGYOF.txt [ Cookie:administrator@adformdsp.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\IHQZLG8R.txt [ Cookie:administrator@server.adformdsp.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\QW00A2O2.txt [ Cookie:administrator@server.adform.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\WCB3KXVS.txt [ Cookie:administrator@eas.apm.emediate.eu/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\IM25Z387.txt [ Cookie:administrator@7.rotator.wigetmedia.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\HEEFSNG1.txt [ Cookie:administrator@welcome.hp.com/country/at/de/cs/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\OFLE2AIA.txt [ Cookie:administrator@labelfinder.vogue.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\LFRSO0NQ.txt [ Cookie:administrator@advertising.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\6I9ASW1O.txt [ Cookie:administrator@ad1.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\0AWJPU98.txt [ Cookie:administrator@ww251.smartadserver.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\IFO1XLCF.txt [ Cookie:administrator@stats.paypal.com/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\Z5T2AEOE.txt [ Cookie:administrator@de.sitestat.com/idgcom-de/pcwelt/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\V9QI5G89.txt [ Cookie:administrator@stats.bmw.de/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\DRQ5MCBP.txt [ Cookie:administrator@adnetwork.net/ ]
C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\LR79N3O8.txt [ Cookie:administrator@tracker.vinsight.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\JQ9I5EHQ.txt [ Cookie:administrator@apmebf.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\9UIKBX6Y.txt [ Cookie:administrator@atdmt.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\JICY1Z1E.txt [ Cookie:administrator@ero-advertising.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\6G5L4O1X.txt [ Cookie:administrator@adtech.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\DNNWLYMK.txt [ Cookie:administrator@adviva.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\QEOK41OH.txt [ Cookie:administrator@tradedoubler.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\GFCABZV0.txt [ Cookie:administrator@partypoker.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\VWJ37A53.txt [ Cookie:administrator@xm.xtendmedia.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\K4UBFBN1.txt [ Cookie:administrator@paypal.112.2o7.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\FMACJI50.txt [ Cookie:administrator@ru4.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\C1WV3FU0.txt [ Cookie:administrator@amazon-adsystem.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\Z1ER5UD4.txt [ Cookie:administrator@ad3.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\7A3I9BLH.txt [ Cookie:administrator@partners.webmasterplan.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\J8R29ZDN.txt [ Cookie:administrator@specificclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\D0KBUHOD.txt [ Cookie:administrator@ad4.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\S8731703.txt [ Cookie:administrator@revsci.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\RBBW711J.txt [ Cookie:administrator@webmasterplan.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\XS1A4PNP.txt [ Cookie:administrator@ad.zanox.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\DUANQYHX.txt [ Cookie:administrator@tracking.quisma.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\AM6IW8FS.txt [ Cookie:administrator@tacoda.at.atwola.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\93TWPN45.txt [ Cookie:administrator@eas4.emediate.eu/ ]
C:\USERS\ADMINISTRATOR\Cookies\61PA6IX0.txt [ Cookie:administrator@yadro.ru/ ]
C:\USERS\ADMINISTRATOR\Cookies\YAZU6S3X.txt [ Cookie:administrator@at.atwola.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\ZB8TGV5S.txt [ Cookie:administrator@tomtailor.dyntracker.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\3CJT59AC.txt [ Cookie:administrator@ad.piximedia.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\40QMA4WB.txt [ Cookie:administrator@adultfriendfinder.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\VRQUP0BU.txt [ Cookie:administrator@adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\QTX4OURT.txt [ Cookie:administrator@ad2.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\6MKKO6RV.txt [ Cookie:administrator@track.effiliation.com/servlet/ ]
C:\USERS\ADMINISTRATOR\Cookies\AAPMXAGA.txt [ Cookie:administrator@im.banner.t-online.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\C32CA2WR.txt [ Cookie:administrator@content.yieldmanager.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\TKJCVAMK.txt [ Cookie:administrator@atwola.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\2RA1A1N0.txt [ Cookie:administrator@butlers.traffective-tracking.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\W5UZVB1I.txt [ Cookie:administrator@doubleclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\FFRRAXMN.txt [ Cookie:administrator@questionmarket.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\0239GQ7R.txt [ Cookie:administrator@serving-sys.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\WVOH3L3Y.txt [ Cookie:administrator@tracking.mindshare.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\K11KYX0A.txt [ Cookie:administrator@ad.adserver01.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\EJC2WTAC.txt [ Cookie:administrator@account.frogster-online.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\3OWNCUUG.txt [ Cookie:administrator@conrad.122.2o7.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\1W0ZM1JL.txt [ Cookie:administrator@fastclick.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\0SDWJF3H.txt [ Cookie:administrator@mediaplex.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\GJUH2UPC.txt [ Cookie:administrator@e-2dj6wflokodzcho.stats.esomniture.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\JXYA10I4.txt [ Cookie:administrator@www.zanox-affiliate.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\4MDRC40H.txt [ Cookie:administrator@ads.crakmedia.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\SPIPCYI5.txt [ Cookie:administrator@ar.atwola.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\25XZYM47.txt [ Cookie:administrator@zedo.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\JQEFASRG.txt [ Cookie:administrator@ad.yieldmanager.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\YPUBJYT3.txt [ Cookie:administrator@www.remedia.biz/ ]
C:\USERS\ADMINISTRATOR\Cookies\PSZ1EAZH.txt [ Cookie:administrator@de.partypoker.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\LNJHO3WU.txt [ Cookie:administrator@track.effiliation.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\KQ3WKFKG.txt [ Cookie:administrator@track.adform.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\9FRZ1O4Q.txt [ Cookie:administrator@smartadserver.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\C5T3MZWO.txt [ Cookie:administrator@rts.pgmediaserve.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\SM70Y1HW.txt [ Cookie:administrator@adform.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\XAYU7JWP.txt [ Cookie:administrator@banner.electronic4you.at/ ]
C:\USERS\ADMINISTRATOR\Cookies\ZINUR252.txt [ Cookie:administrator@openx.sexsearch.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\79VXIMLR.txt [ Cookie:administrator@fl01.ct2.comclick.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\2UTN9XHW.txt [ Cookie:administrator@media6degrees.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\JI2CVT5D.txt [ Cookie:administrator@adserver.adtechus.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\3KHW6BAM.txt [ Cookie:administrator@xiti.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\OPZQD3QI.txt [ Cookie:administrator@www.googleadservices.com/pagead/conversion/1014923382/ ]
C:\USERS\ADMINISTRATOR\Cookies\EB4QQL8V.txt [ Cookie:administrator@adbrite.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\8Y7JO32F.txt [ Cookie:administrator@www.etracker.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\MDMREMT1.txt [ Cookie:administrator@e-2dj6wfkokgcpkhq.stats.esomniture.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\WVPFU82B.txt [ Cookie:administrator@ads2.zeusclicks.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\4HSE04FV.txt [ Cookie:administrator@autoscout24.112.2o7.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\2V7LMQWA.txt [ Cookie:administrator@2o7.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\55PNHBHZ.txt [ Cookie:administrator@www.mediamarkt.at/ ]
C:\USERS\ADMINISTRATOR\Cookies\25XWGYOF.txt [ Cookie:administrator@adformdsp.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\IHQZLG8R.txt [ Cookie:administrator@server.adformdsp.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\QW00A2O2.txt [ Cookie:administrator@server.adform.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\WCB3KXVS.txt [ Cookie:administrator@eas.apm.emediate.eu/ ]
C:\USERS\ADMINISTRATOR\Cookies\IM25Z387.txt [ Cookie:administrator@7.rotator.wigetmedia.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\HEEFSNG1.txt [ Cookie:administrator@welcome.hp.com/country/at/de/cs/ ]
C:\USERS\ADMINISTRATOR\Cookies\OFLE2AIA.txt [ Cookie:administrator@labelfinder.vogue.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\LFRSO0NQ.txt [ Cookie:administrator@advertising.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\6I9ASW1O.txt [ Cookie:administrator@ad1.adfarm1.adition.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\0AWJPU98.txt [ Cookie:administrator@ww251.smartadserver.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\IFO1XLCF.txt [ Cookie:administrator@stats.paypal.com/ ]
C:\USERS\ADMINISTRATOR\Cookies\Z5T2AEOE.txt [ Cookie:administrator@de.sitestat.com/idgcom-de/pcwelt/ ]
C:\USERS\ADMINISTRATOR\Cookies\V9QI5G89.txt [ Cookie:administrator@stats.bmw.de/ ]
C:\USERS\ADMINISTRATOR\Cookies\DRQ5MCBP.txt [ Cookie:administrator@adnetwork.net/ ]
C:\USERS\ADMINISTRATOR\Cookies\LR79N3O8.txt [ Cookie:administrator@tracker.vinsight.de/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\439T074Q.txt [ Cookie:mark@ad4.adfarm1.adition.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\PD7OGYR2.txt [ Cookie:mark@zanox.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\YUG4ZNCI.txt [ Cookie:mark@serving-sys.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\L9XZ6B4M.txt [ Cookie:mark@xiti.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZ6GNR57.txt [ Cookie:mark@adform.net/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\LT8RMGNY.txt [ Cookie:mark@ad.yieldmanager.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFA1WZMV.txt [ Cookie:mark@ad2.adfarm1.adition.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\8UK3A5LQ.txt [ Cookie:mark@mediaplex.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\14VBX1BI.txt [ Cookie:mark@adfarm1.adition.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWFDYGDW.txt [ Cookie:mark@skydeutschland.122.2o7.net/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\2SL2A3WW.txt [ Cookie:mark@msnportal.112.2o7.net/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\4G9Q9UI9.txt [ Cookie:mark@tradedoubler.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\4H8E0P1I.txt [ Cookie:mark@bs.serving-sys.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\L2OAX6BL.txt [ Cookie:mark@invitemedia.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\08RODK1F.txt [ Cookie:mark@tracking.quisma.com/ ]
C:\USERS\MARK\AppData\Roaming\Microsoft\Windows\Cookies\Low\KLY8Y2I9.txt [ Cookie:mark@atdmt.com/ ]
C:\USERS\MARK\Cookies\L0F9H6J1.txt [ Cookie:mark@ad4.adfarm1.adition.com/ ]
C:\USERS\MARK\Cookies\94A0K9S4.txt [ Cookie:mark@casalemedia.com/ ]
C:\USERS\MARK\Cookies\GGYE9GF2.txt [ Cookie:mark@zanox.com/ ]
C:\USERS\MARK\Cookies\G13IVILB.txt [ Cookie:mark@adbrite.com/ ]
C:\USERS\MARK\Cookies\R4ABYKFD.txt [ Cookie:mark@questionmarket.com/ ]
C:\USERS\MARK\Cookies\FK8S5XAG.txt [ Cookie:mark@rts.pgmediaserve.com/ ]
C:\USERS\MARK\Cookies\N40CR2VS.txt [ Cookie:mark@serving-sys.com/ ]
C:\USERS\MARK\Cookies\4AARXTFL.txt [ Cookie:mark@tracker.vinsight.de/ ]
C:\USERS\MARK\Cookies\SJY92M0B.txt [ Cookie:mark@zedo.com/ ]
C:\USERS\MARK\Cookies\1SXPBARO.txt [ Cookie:mark@ad.yieldmanager.com/ ]
C:\USERS\MARK\Cookies\4GHPO574.txt [ Cookie:mark@ad2.adfarm1.adition.com/ ]
C:\USERS\MARK\Cookies\T0JYFOO3.txt [ Cookie:mark@revsci.net/ ]
C:\USERS\MARK\Cookies\H608HXST.txt [ Cookie:mark@mediaplex.com/ ]
C:\USERS\MARK\Cookies\9PWWG5R7.txt [ Cookie:mark@adfarm1.adition.com/ ]
C:\USERS\MARK\Cookies\H2ZC6RH4.txt [ Cookie:mark@adx.chip.de/ ]
C:\USERS\MARK\Cookies\V1O6QIRV.txt [ Cookie:mark@webmasterplan.com/ ]
C:\USERS\MARK\Cookies\A51V8QO2.txt [ Cookie:mark@adx2.chip.de/ ]
C:\USERS\MARK\Cookies\HHB1P706.txt [ Cookie:mark@fastclick.net/ ]
C:\USERS\MARK\Cookies\8CPEL4K3.txt [ Cookie:mark@tradedoubler.com/ ]
C:\USERS\MARK\Cookies\YKM5Z3SD.txt [ Cookie:mark@de.youporn.com/ ]
C:\USERS\MARK\Cookies\IFVPHFRX.txt [ Cookie:mark@invitemedia.com/ ]
C:\USERS\MARK\Cookies\O765R8O2.txt [ Cookie:mark@ad3.adfarm1.adition.com/ ]
C:\USERS\MARK\Cookies\T9RRE486.txt [ Cookie:mark@www.zanox-affiliate.de/ ]
C:\USERS\MARK\Cookies\HN8T2F41.txt [ Cookie:mark@tracking.quisma.com/ ]
C:\USERS\MARK\Cookies\XAYSPW5D.txt [ Cookie:mark@atdmt.com/ ]
banners.securedataimages.com [ D:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L8GXQ2KL ]
D:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ADMINISTRATOR@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
banners.securedataimages.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
cdn1.eyewonder.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
cdn5.specificclick.net [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
de.mediaplanet.streamingbolaget.se [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
ds.serving-sys.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
googleads.g.doubleclick.net [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
ia.media-imdb.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
m1.2mdn.net [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
media.erstebankliga.at [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
media.jaludo.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
media.podaddies.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
media.socialvibe.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
media1.break.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
naiadsystems.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
objects.tremormedia.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
secure-uk.imrworldwide.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
spe.atdmt.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
track.webgains.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
www.euros4click.de [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
www.rondomedia.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
www.youporncams.com [ D:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JRVWYUJ6 ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@247REALMEDIA[2].TXT [ /247REALMEDIA ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@2O7[1].TXT [ /2O7 ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@ATDMT[2].TXT [ /ATDMT ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@BURSTNET[2].TXT [ /BURSTNET ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@FASTCLICK[1].TXT [ /FASTCLICK ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@HIDECLICKS[2].TXT [ /HIDECLICKS ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@HITBOX[1].TXT [ /HITBOX ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@KOMTRACK[1].TXT [ /KOMTRACK ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@KONTERA[1].TXT [ /KONTERA ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@MEDIAFIRE[2].TXT [ /MEDIAFIRE ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@OPTIMIZE.INDIECLICK[2].TXT [ /OPTIMIZE.INDIECLICK ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@REALMEDIA[1].TXT [ /REALMEDIA ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@REVSCI[1].TXT [ /REVSCI ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@TRACK.ASUS[1].TXT [ /TRACK.ASUS ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@XITI[1].TXT [ /XITI ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@YADRO[2].TXT [ /YADRO ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@ZANOX[1].TXT [ /ZANOX ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARK@ZEDO[2].TXT [ /ZEDO ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@247REALMEDIA[1].TXT [ /247REALMEDIA ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@HAMBURGERABENDBLATTDEDEV.122.2O7[1].TXT [ /HAMBURGERABENDBLATTDEDEV.122.2O7 ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@LGEEUROPE.122.2O7[1].TXT [ /LGEEUROPE.122.2O7 ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@ROTATION.LINUXNEWMEDIA[1].TXT [ /ROTATION.LINUXNEWMEDIA ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@STAT.DEALTIME[2].TXT [ /STAT.DEALTIME ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@TRACKING.ONMARKETING[1].TXT [ /TRACKING.ONMARKETING ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@USENEXT[1].TXT [ /USENEXT ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@VODAFONEGROUP.122.2O7[1].TXT [ /VODAFONEGROUP.122.2O7 ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@XITI[1].TXT [ /XITI ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
D:\USERS\MARK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARK@ZBOX.ZANOX[1].TXT [ /ZBOX.ZANOX ]
cdn1.static.youporn.phncdn.com [ C:\USERS\MARK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SY75PG92 ]
Trojan.Agent/Gen-RogueAV
D:\PROGRAM FILES (X86)\JOWOOD\GOTHIC III\NXCOOKING.DLL
Adware.ClickSpring/Yazzle
D:\SICHERUNG 300GB EXTERN\BACKUP WM-SPIELE\DATEN\STICK - EINGANG - 15052006\DAALT\LEHRPLäNE\HAK\SUDOKUINSTALL.EXE
D:\SICHERUNG 300GB EXTERN\BACKUP WM-SPIELE\GAMEZ\SUDOKU\SUDOKUINSTALL.EXE
Trojan.Agent/Gen-Frauder
D:\SICHERUNG 300GB EXTERN\SCHULE\EDV-TECHNIKER\PROJEKTE\4CET\FOTOS LS19\CDROM\PROJEKT TEAM4\PROJEKT FACHGRUPPE 2 - SERVERMANAGEMENT -NETZWERKANALYSETOOLS\NETZWERK ANALYSE TOOLS\OBSERVER\PROBEKEY.EXE
D:\USERS\MARK\APPDATA\LOCAL\TEMP\TW_AUTOSKIP.EXE
Heur.Agent/Gen-FakeIE
D:\WINDOWS\INSTALLER\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\ICON2B0C98582.EXE
D:\WINDOWS\INSTALLER\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\ICON2B0C98585.EXE
D:\WINDOWS\INSTALLER\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\ICON2B0C98586.EXE
PotentiallyUnwanted.SoftonicDownloader
C:\_OTL\MOVEDFILES\09232012_200951\C_USERS\ADMINISTRATOR\DOWNLOADS\SOFTONICDOWNLOADER_FUER_UNDELETE-PLUS.EXE
|
|
28.09.2012, 15:25
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - Österreich Sieht ok aus, da wurden nur Cookies gefunden. Zudme waren da noch Fehlalarme und einige Elemente die in der Q von OTL stecken entdeckt worden, aber das ist völlig ok so. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.09.2012, 18:12
| #29 |
| | Polizei Cyber Crime bla bla - Österreich Sooo, erstmals einen riesengroßen Dank an Dich für dein Bemühen. Du machst hier wirklich tolle Arbeit!  Die Idee mit zwei Browser ist eine wirklich Gute. Werde mir mal den Opera-Browser oder Chromium genauer ansehen neben FF. System funzt wieder 1a. Nur noch zwei Fragen: 1.) Kannst du einschätzen wie ich mir den Trojaner eingefangen habe? Hab ich einfach zu schnell bzw. unachtsam wo draufgeklickt oder gibts/gabs wo eine Sicherheitslücke? 2) Nochmals zu den Passwörtern: Muss / Sollte ich wirklich alle jemals auf diesem System verwendeten/gespeicherten ändern? Nochmals Danke, und weiter so!!! glg Mark |
|
28.09.2012, 19:21
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Cyber Crime bla bla - Österreich War wahrscheinlich eine Lücke in einer alten Java-Version Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Polizei Cyber Crime bla bla - Österreich |
| alten, angemeldet, anmeldung, benutzer, bla, crime, cyber, desktop, durchgeführt, erwischt, folge, folgendes, frage, fragen, heute, install, laufen, meldung, neu, passwörter, schön, troja, trojaner, win, ändern, Österreich |
Linear-Darstellung
