Pests of all kinds and how to combat them: Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** (Windows 7)
10.06.2012, 21:51 | #1 |
Hello everyone, I don't "really" have any concrete problems (apart from the machine freezing about once a week because the ESET virus scanner uses 100% CPU for hours and cannot be diverted by anything). We are talking about Win7 Home 64-bit. In any case, this weekend I once again ran the current Desinfec't, and it did in fact find quite a few things. The operating mode was:
Either way, here is the log file from Kaspersky/Desinfec't: Code:
ATTFilter 2012-06-10 00:07:40 Scan_Objects$0006 starting 1% ; --- Settings --- ; Action on detect: Disinfect automatically ; Scan objects: All objects ; Try disinfect: No ; Try delete: No ; Try delete container: No ; Exclude by mask: No ; Include by mask: No ; Objects to scan: ; "/media" Enable=Yes Recursive=Yes ; ------------------ 2012-06-10 00:07:40 Scan_Objects$0006 running 1% 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - 
Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg password protected 2012-06-10 01:15:28 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 
/media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg password protected 2012-06-10 01:15:29 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp password protected 2012-06-10 02:07:02 
/media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp password protected 2012-06-10 02:07:02 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal password protected 2012-06-10 03:43:10 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class detected Exploit.Java.CVE-2011-3544.mm 2012-06-10 03:43:10 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class skipped 2012-06-10 03:43:11 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 03:43:11 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class skipped 2012-06-10 03:43:11 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 03:43:11 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class skipped 2012-06-10 03:43:23 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class detected Exploit.Java.CVE-2011-3544.mc 2012-06-10 03:43:23 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class skipped 2012-06-10 03:43:23 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class detected Exploit.Java.CVE-2011-3544.ma 2012-06-10 03:43:23 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class skipped 2012-06-10 03:43:23 
/media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class detected Exploit.Java.CVE-2011-3544.md 2012-06-10 03:43:23 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class skipped 2012-06-10 03:43:27 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class detected Exploit.Java.CVE-2012-0507.iz 2012-06-10 03:43:27 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class skipped 2012-06-10 03:43:27 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class detected Exploit.Java.CVE-2012-0507.in 2012-06-10 03:43:27 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class skipped 2012-06-10 03:43:28 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class detected Exploit.Java.CVE-2011-3544.mm 2012-06-10 03:43:28 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class skipped 2012-06-10 03:43:28 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class detected Exploit.Java.CVE-2011-3544.mu 2012-06-10 03:43:28 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class skipped 2012-06-10 03:43:29 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 03:43:29 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class skipped 2012-06-10 03:43:29 
/media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 03:43:29 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class skipped 2012-06-10 03:43:34 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class detected Exploit.Java.CVE-2011-3544.lt 2012-06-10 03:43:34 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class skipped 2012-06-10 03:43:34 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class detected Exploit.Java.CVE-2011-3544.lt 2012-06-10 03:43:34 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class skipped 2012-06-10 04:32:00 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp password protected 2012-06-10 04:32:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp password protected 2012-06-10 04:32:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp password protected 2012-06-10 04:32:04 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp password protected 2012-06-10 04:32:04 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp password protected 2012-06-10 04:32:04 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp password protected 2012-06-10 04:32:04 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp password protected 2012-06-10 04:32:04 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal password protected 2012-06-10 07:00:53 
/media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 
/media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg password protected 2012-06-10 07:00:57 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini password protected 2012-06-10 
07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg password protected 2012-06-10 07:00:58 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp password protected 2012-06-10 07:31:12 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal password protected 2012-06-10 08:53:53 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class 
detected Exploit.Java.CVE-2011-3544.mm 2012-06-10 08:53:53 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class skipped 2012-06-10 08:53:55 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 08:53:55 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class skipped 2012-06-10 08:53:56 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 08:53:56 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class skipped 2012-06-10 08:54:07 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class detected Exploit.Java.CVE-2011-3544.mc 2012-06-10 08:54:07 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class skipped 2012-06-10 08:54:07 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class detected Exploit.Java.CVE-2011-3544.ma 2012-06-10 08:54:07 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class skipped 2012-06-10 08:54:07 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class detected Exploit.Java.CVE-2011-3544.md 2012-06-10 08:54:07 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class skipped 2012-06-10 08:54:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class detected Exploit.Java.CVE-2012-0507.iz 2012-06-10 08:54:12 
/media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class skipped 2012-06-10 08:54:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class detected Exploit.Java.CVE-2012-0507.in 2012-06-10 08:54:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class skipped 2012-06-10 08:54:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class detected Exploit.Java.CVE-2011-3544.mm 2012-06-10 08:54:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class skipped 2012-06-10 08:54:13 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class detected Exploit.Java.CVE-2011-3544.mu 2012-06-10 08:54:13 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class skipped 2012-06-10 08:54:14 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 08:54:14 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class skipped 2012-06-10 08:54:14 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 08:54:14 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class skipped 2012-06-10 08:54:19 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class detected Exploit.Java.CVE-2011-3544.lt 2012-06-10 08:54:19 
/media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class skipped 2012-06-10 08:54:19 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class detected Exploit.Java.CVE-2011-3544.lt 2012-06-10 08:54:19 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class skipped 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp password protected 2012-06-10 09:40:01 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & 
Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & 
Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - 
Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg password protected 2012-06-10 13:00:03 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini password protected 2012-06-10 13:35:38 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & 
Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - 
Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg password protected 2012-06-10 13:35:39 /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp password protected 2012-06-10 
14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp password protected 2012-06-10 14:13:03 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal password protected 2012-06-10 15:35:57 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class detected Exploit.Java.CVE-2011-3544.mm 2012-06-10 15:35:57 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class skipped 2012-06-10 15:36:00 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 15:36:00 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class skipped 2012-06-10 15:36:00 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 15:36:00 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class skipped 2012-06-10 15:36:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class detected Exploit.Java.CVE-2011-3544.mc 2012-06-10 15:36:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class skipped 2012-06-10 15:36:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class detected Exploit.Java.CVE-2011-3544.ma 2012-06-10 15:36:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class skipped 2012-06-10 15:36:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class detected 
Exploit.Java.CVE-2011-3544.md 2012-06-10 15:36:12 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class skipped 2012-06-10 15:36:16 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class detected Exploit.Java.CVE-2012-0507.iz 2012-06-10 15:36:16 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class skipped 2012-06-10 15:36:16 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class detected Exploit.Java.CVE-2012-0507.in 2012-06-10 15:36:16 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class skipped 2012-06-10 15:36:17 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class detected Exploit.Java.CVE-2011-3544.mm 2012-06-10 15:36:17 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class skipped 2012-06-10 15:36:17 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class detected Exploit.Java.CVE-2011-3544.mu 2012-06-10 15:36:17 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class skipped 2012-06-10 15:36:19 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 15:36:19 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class skipped 2012-06-10 15:36:19 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class detected Exploit.Java.CVE-2011-3544.mb 2012-06-10 15:36:19 
/media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class skipped 2012-06-10 15:36:24 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class detected Exploit.Java.CVE-2011-3544.lt 2012-06-10 15:36:24 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class skipped 2012-06-10 15:36:24 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class detected Exploit.Java.CVE-2011-3544.lt 2012-06-10 15:36:24 /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class skipped 2012-06-10 16:22:41 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp password protected 2012-06-10 16:22:41 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp password protected 2012-06-10 16:22:41 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp password protected 2012-06-10 16:22:42 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp password protected 2012-06-10 16:22:42 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp password protected 2012-06-10 16:22:42 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp password protected 2012-06-10 16:22:42 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp password protected 2012-06-10 16:22:42 /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal password protected
And now I'll let myself be surprised. The walkthroughs in the other threads were fascinatingly detailed; I'm curious and, as far as the occasion allows, looking forward to learning something.
Thanks and best regards, Bangalorean (who does not live in Bangalore) ... and just for good measure, here is the log file from Malwarebytes Anti-Malware as well. I had the three "finds" deleted; they are still in quarantine. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.11.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(Username) :: SIRIUS [Administrator]
Schutz: Aktiviert
11.06.2012 15:26:37
mbam-log-2012-06-11 (15-31-45).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264288
Laufzeit: 4 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
13.06.2012, 10:47 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please start by running a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Keep in mind that Malwarebytes has to be updated manually before every scan! Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
13.06.2012, 12:11 | #3 |
| Hello Arne,
first of all: thank you very, very much for looking into this. I have to admit I had already stopped believing anyone would, and as a consequence I probably did a few stupid things: in the meantime I switched defogger off again and removed the suspicious files by hand (strictly speaking, I deleted the entire Java class cache). My sincere apologies. What I consider less stupid: the external drive is currently running through the four virus scanners of Desinfec't 2012 on the laptop next door (no findings so far, only Kaspersky crashes for lack of memory - the laptop is a bit older...). So I'm starting again from the very beginning:
I can still be reached in the forum via the laptop, in case one of the "right?"s above turns out to have been wrong. The Malwarebytes scan will take a while anyway, I suspect. As soon as all of that is done, I'll report back here with the log files. Once again, many thanks!!!
Good morning, Arne, good morning everyone! Without further ado, here we go: I have two "old" Malwarebytes log files. Here is the one from Monday; I put the three registry keys into quarantine in Malwarebytes, and that is where they still are. It was a quick scan with defogger switched on (i.e. with the file-system drivers disabled). Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.11.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]
Schutz: Aktiviert
11.06.2012 15:26:37
mbam-log-2012-06-11 (15-31-45).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264288
Laufzeit: 4 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
I then aborted the scan. Here is the log file for the aborted scan: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.12.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]
Schutz: Aktiviert
13.06.2012 10:25:16
mbam-log-2012-06-13 (10-25-16).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 575883
Laufzeit: 2 Stunde(n), 21 Minute(n), 53 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
These are the Malwarebytes scan results for the internal hard drives, from a scan run according to your instructions (defogger on). Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.13.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]
Schutz: Aktiviert
13.06.2012 14:33:06
mbam-log-2012-06-13 (14-33-06).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1061015
Laufzeit: 3 Stunde(n), 12 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.13.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]
Schutz: Aktiviert
13.06.2012 18:16:21
mbam-log-2012-06-13 (18-16-21).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302891
Laufzeit: 26 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4d091060c5f144a9446dee2c9f732b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-13 06:02:40
# local_time=2012-06-13 08:02:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 31407672 91240235 0 0
# compatibility_mode=8204 39157181 100 73 17857 8486375 0 0
# scanned=100
# found=0
# cleaned=0
# scan_time=174
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4d091060c5f144a9446dee2c9f732b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-13 06:14:53
# local_time=2012-06-13 08:14:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 31407893 91240456 0 0
# compatibility_mode=8204 39157181 100 73 69 8486596 0 0
# scanned=100
# found=0
# cleaned=0
# scan_time=687
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4d091060c5f144a9446dee2c9f732b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-14 01:22:30
# local_time=2012-06-14 03:22:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 31408629 91241192 0 0
# compatibility_mode=8204 39157181 100 73 805 8487332 0 0
# scanned=906383
# found=1
# cleaned=0
# scan_time=25608
# nod_component=V3 Build:0x30000000
C:\Users\(***)\AppData\Local\Temp\jar_cache1939122487030792993.tmp Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
Best regards! |
18.06.2012, 10:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please create a new OTL log. Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
18.06.2012, 16:43 | #5 |
| Off we go then: defogger was still on, although I had closed the application for the scan, as well as the browser. I had only switched the virus scanner off. Here is the OTL.txt. An "Extras.txt" was apparently not created. OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2012 16:51:03 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\(***)\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,41 Gb Available Physical Memory | 67,57% Memory free 16,00 Gb Paging File | 13,48 Gb Available in Paging File | 84,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,09 Gb Total Space | 38,51 Gb Free Space | 12,92% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 372,06 Gb Free Space | 39,94% Space Free | Partition Type: NTFS Drive L: | 465,63 Gb Total Space | 354,26 Gb Free Space | 76,08% Space Free | Partition Type: NTFS Drive N: | 938,74 Gb Total Space | 901,14 Gb Free Space | 95,99% Space Free | Partition Type: NTFS Computer Name: SIRIUS | User Name: (***) | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.10 19:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2011.10.01 12:43:40 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.07.22 18:07:05 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe PRC - [2010.02.01 11:38:24 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe PRC - [2010.02.01 11:37:54 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDWinService.exe PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common 
Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.07.09 00:44:16 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 22:17:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.09 22:17:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012.05.09 22:16:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.09 22:16:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.09 22:16:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.09 22:16:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.09 22:16:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - 
[2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2012.02.11 01:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2011.10.01 12:43:30 | 000,368,640 | ---- | M] () -- C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:05 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.07.14 19:58:23 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2007.07.11 12:27:24 | 000,400,896 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQDEVCL.DLL MOD - [2007.07.09 00:44:16 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe MOD - [2007.06.24 15:14:52 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMDLL.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.24 01:53:54 | 
005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2012.06.06 15:45:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.14 19:21:52 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.12 22:16:08 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.11.16 02:32:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.07.22 18:07:05 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.04.02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.01 11:37:54 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Input Director\IDWinService.exe -- (InputDirector)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.24 01:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.08 05:15:36 | 000,013,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Input Director\IDVistaService.exe -- (IDVistaService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012.03.14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.21 13:03:00 | 000,199,752 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\SysNative\drivers\uiwbrdr.SYS -- (uiwbrdr)
DRV:64bit: - [2011.10.01 12:43:36 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.16 21:15:56 | 000,096,768 | ---- | M] (Zoom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmr16usbaudio.sys -- (ZOOM_R16MTR)
DRV:64bit: - [2010.04.17 22:02:15 | 000,698,376 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2010.04.17 22:02:15 | 000,024,200 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2010.04.16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.11.05 11:48:16 | 000,655,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.11.05 11:48:16 | 000,624,448 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.08.28 00:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009.08.24 09:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 20:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.05.31 11:22:08 | 000,175,880 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHF51A.sys -- (SaiHF51A)
DRV:64bit: - [2007.05.31 11:22:08 | 000,034,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiUF51A.sys -- (SaiUF51A)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.04.23 15:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006.11.16 15:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.08.02 11:35:46 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ACRUSBTM.SYS -- (ACRUSBTM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 A2 F1 98 08 5B CA 01 [binary data]
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes,DefaultScope = {FC5B11C2-26A9-444D-9AA9-D657B68B6071}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{FC5B11C2-26A9-444D-9AA9-D657B68B6071}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\(***)\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\(***)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\(***)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.06.05 13:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 15:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.06.05 13:49:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\(***)\AppData\Roaming\5059
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 15:45:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 09:48:42 | 000,000,000 | ---D | M]

[2011.03.31 19:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions
[2009.12.08 22:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9}
[2012.06.02 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions
[2010.04.28 12:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.16 21:36:57 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010.12.15 08:52:05 | 000,000,000 | ---D | M] (Niche Watch Tool) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
[2012.03.23 18:23:52 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2012.03.30 14:01:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.11.01 19:46:07 | 000,000,000 | ---D | M] (hideBad) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{be7e016e-4aea-4690-b59f-094890f69cce}
[2010.12.14 01:17:52 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.03.25 21:55:44 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\ctrl-tab@design-noir.de
[2012.01.05 15:20:04 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\ext@sprng.me
[2012.05.15 00:04:24 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\fb_add_on@avm.de
[2012.04.03 23:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.23 09:19:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.06 15:45:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.05.12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.05.12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.05.12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012.03.14 09:11:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.05.12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\(***)\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: HootSuite Hootlet = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\1.5_0\
CHR - Extension: trunk.ly favorite = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgfkgdojgojfgdnojldcnpojocgipim\0.19_0\
CHR - Extension: Cortex = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc\1.6.7_0\
CHR - Extension: Antworten und Mehr f\u00FCr Google+ = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea\1.52_0\
CHR - Extension: Instachrome = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldildgghjoohccppflaohodcnmlacpb\1.5.7.1_0\
CHR - Extension: Toggl = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\idlodjlnhgndgamohpahdopfchaepgfl\1_0\
CHR - Extension: Disconnect = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.4.0_0\
CHR - Extension: HootSuite = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Keyword Eye = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpecgnnihjbhfanlonlcpifjcdhpfhjm\1.1_0\
CHR - Extension: G+me f\u00FCr Google Plus\u2122 = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacdcllhgpddmlnhajiacfakhlilbicp\6.0.3_0\
CHR - Extension: Do Share = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf\2.1.4_0\

O1 HOSTS File: ([2012.01.04 18:52:55 | 000,440,010 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15127 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1001..\Run: [AVMUSBFernanschluss] C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..Trusted Domains: deutschepost.de ([internetmarke] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40118.6503240741 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE83CE6-3E5B-4FFB-90BD-DF1CC0D7619B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.13 12:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.13 12:51:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\(***)\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 09:16:40 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Local\Macromedia
[2012.06.11 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Roaming\Malwarebytes
[2012.06.11 15:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 15:25:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.11 15:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.11 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 19:33:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 00:10:16 | 000,000,000 | ---D | C] -- C:\Users\(***)\iMapping
[2012.06.01 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMapping
[2012.05.24 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\(***)\AppData\Roaming\*.tmp files -> C:\Users\(***)\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.18 16:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2012.06.18 16:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 14:39:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2012.06.18 09:29:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.18 08:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.17 23:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 03:04:07 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 03:04:07 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 14:13:53 | 000,000,000 | ---- | M] () -- C:\Users\(***)\defogger_reenable
[2012.06.13 14:05:19 | 000,452,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 14:04:44 | 2147,033,087 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 13:55:29 | 001,642,296 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 13:55:29 | 000,699,752 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 13:55:29 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 13:55:29 | 000,148,988 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 13:55:29 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 12:51:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\(***)\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 09:20:50 | 000,001,303 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012.06.13 00:39:10 | 000,012,333 | ---- | M] () -- C:\Users\(***)\.bash_history
[2012.06.12 06:26:30 | 000,002,407 | ---- | M] () -- C:\Users\(***)\Desktop\Google Chrome.lnk
[2012.06.11 15:25:43 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 22:55:01 | 000,044,361 | ---- | M] () -- C:\Users\(***)\Desktop\Bangalorean.zip
[2012.06.10 19:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
[2012.06.09 16:42:12 | 000,000,600 | ---- | M] () -- C:\Users\(***)\AppData\Local\PUTTY.RND
[2012.06.05 18:23:33 | 001,091,159 | ---- | M] () -- C:\Users\(***)\Documents\(***).pdf
[2012.06.01 00:10:15 | 000,002,032 | ---- | M] () -- C:\Users\(***)\Desktop\iMapping.lnk
[2012.05.24 14:56:13 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\(***)\AppData\Roaming\*.tmp files -> C:\Users\(***)\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.13 14:13:53 | 000,000,000 | ---- | C] () -- C:\Users\(***)\defogger_reenable
[2012.06.11 15:25:43 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 22:55:00 | 000,044,361 | ---- | C] () -- C:\Users\(***)\Desktop\Bangalorean.zip
[2012.06.05 18:23:29 | 001,091,159 | ---- | C] () -- C:\Users\(***)\Documents\(***).pdf
[2012.06.01 00:10:15 | 000,002,032 | ---- | C] () -- C:\Users\(***)\Desktop\iMapping.lnk
[2012.05.24 14:56:13 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.05.15 09:28:08 | 000,038,447 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.04.09 22:12:44 | 000,001,153 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\.ptbt1
[2012.02.27 11:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.12.14 18:15:24 | 000,000,018 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\blckdom.res
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.16 08:43:53 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011.06.13 19:00:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\ACRUSBTM.SYS
[2011.06.10 21:15:43 | 001,598,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.01 21:44:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.01.29 13:34:16 | 000,000,435 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.10.11 17:06:05 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx151ic.ini
[2010.08.22 13:25:15 | 000,012,693 | ---- | C] () -- C:\Windows\scunin.dat
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== LOP Check ==========

[2012.01.12 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\4Team
[2011.12.17 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AceBIT
[2009.12.05 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Amazon
[2010.12.29 23:55:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Artisteer
[2009.11.03 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ASCOMP Software
[2012.03.19 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Audacity
[2010.11.21 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Avery
[2011.09.27 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BeautyPilot
[2012.04.01 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BitTorrent
[2009.11.03 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BlogBridge
[2011.06.11 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\calibre
[2010.05.02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010.05.26 22:34:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2010.12.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DataDesign
[2012.03.28 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.ebuero.air.0BA3C9D95ACADB00E530F4D1E731D855F807BD7D.1
[2009.11.02 08:39:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010.06.19 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1
[2012.05.13 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DigitalVolcano
[2012.06.13 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Dropbox
[2010.04.18 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\e-on software
[2011.02.27 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\EarMaster
[2010.02.20 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ePaperPress
[2012.05.06 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FileZilla
[2011.11.11 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!
[2011.10.01 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.01.27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\GetRightToGo
[2012.01.01 04:45:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\go
[2012.05.06 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\gtk-2.0
[2011.06.18 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HandBrake
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Haufe Mediengruppe
[2010.09.26 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HDRsoft
[2009.11.05 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Helios
[2009.12.19 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICAClient
[2012.01.22 14:38:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICQ
[2012.01.27 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\iJoysoft
[2009.11.02 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IrfanView
[2012.05.13 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IsolatedStorage
[2011.07.03 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\jAlbum
[2011.01.05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\julitec
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.03.31 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Lexware
[2012.06.09 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MediaMonkey
[2012.04.19 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MysteryStudio
[2012.04.02 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NinjaOA
[2011.11.08 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\OpenCandy
[2010.10.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Opera
[2010.05.16 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\orgAnice Software GmbH
[2012.03.23 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PDF Software
[2012.06.05 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhonerLite
[2011.12.05 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhraseExpress
[2011.11.09 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PR-Gateway
[2012.05.07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\QuteCom
[2010.02.24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\RawTherapee
[2010.01.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Scribus
[2010.02.11 08:59:11 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Softland
[2009.11.02 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\SoftMaker
[2011.04.02 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Steinberg
[2010.01.20 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Subversion
[2010.04.17 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TerraTec
[2011.08.20 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ThumbsPlus
[2009.12.08 22:38:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Thunderbird
[2011.09.12 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Tropico 3
[2011.12.16 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TuneUpMedia
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2012.04.24 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Ubisoft
[2011.09.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Viewer2
[2011.01.26 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\w.bloggar
[2010.05.02 00:24:28 | 000,000,000 |
---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom [2010.05.02 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2010.11.15 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WEB.DE [2010.05.02 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch [2011.03.03 01:52:14 | 000,000,000 | -HSD | M] -- C:\Users\(***)\AppData\Roaming\wyUpdate AU [2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm [2010.11.28 00:27:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom [2010.11.28 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch [2012.06.18 08:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job [2012.06.18 14:39:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job [2011.04.20 20:11:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.01.12 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\4Team [2009.12.20 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ABBYY [2011.12.17 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AceBIT [2012.01.22 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Adobe [2009.12.05 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Amazon [2012.03.17 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Apple Computer [2009.12.13 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AppleTV&More [2010.12.29 23:55:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Artisteer [2009.11.03 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ASCOMP Software [2012.03.19 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Audacity [2010.11.21 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Avery [2011.06.21 07:21:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AVS4YOU [2011.09.27 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BeautyPilot [2012.04.01 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BitTorrent [2009.11.03 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BlogBridge [2011.06.11 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\calibre [2010.05.02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1 [2010.05.26 22:34:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2010.12.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DataDesign [2012.03.28 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.ebuero.air.0BA3C9D95ACADB00E530F4D1E731D855F807BD7D.1 [2009.11.02 08:39:40 | 
000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1 [2010.06.19 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1 [2012.05.13 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DigitalVolcano [2010.04.28 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DivX [2012.06.13 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Dropbox [2010.04.18 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\e-on software [2011.02.27 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\EarMaster [2010.02.20 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ePaperPress [2012.05.06 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FileZilla [2011.11.11 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ! [2011.10.01 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.01.27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\GetRightToGo [2012.01.01 04:45:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\go [2012.05.06 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\gtk-2.0 [2011.06.18 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HandBrake [2011.03.31 19:08:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Haufe Mediengruppe [2010.09.26 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HDRsoft [2009.11.05 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Helios [2012.01.22 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Help [2009.12.19 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICAClient [2012.01.22 14:38:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICQ 
[2009.11.01 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Identities [2012.01.27 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\iJoysoft [2010.12.02 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\InstallShield [2009.11.02 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IrfanView [2012.05.13 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IsolatedStorage [2011.07.03 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\jAlbum [2011.01.05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\julitec [2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock [2011.03.31 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Lexware [2012.01.22 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Macromedia [2012.06.11 15:25:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Malwarebytes [2012.01.22 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Media Center Programs [2012.01.22 14:30:39 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Media Player Classic [2012.06.09 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MediaMonkey [2012.05.16 13:51:20 | 000,000,000 | --SD | M] -- C:\Users\(***)\AppData\Roaming\Microsoft [2012.06.17 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Mozilla [2012.04.19 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MysteryStudio [2011.04.20 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Nero [2012.04.02 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NinjaOA [2011.10.22 00:23:56 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NVIDIA [2011.11.08 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\OpenCandy [2010.10.15 22:51:03 | 000,000,000 | ---D | M] -- 
C:\Users\(***)\AppData\Roaming\Opera [2010.05.16 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\orgAnice Software GmbH [2012.03.23 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PDF Software [2012.06.05 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhonerLite [2011.12.05 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhraseExpress [2011.11.09 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PR-Gateway [2012.05.07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\QuteCom [2010.02.24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\RawTherapee [2010.01.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Scribus [2012.06.04 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Skype [2011.11.18 09:08:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\skypePM [2010.02.11 08:59:11 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Softland [2009.11.02 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\SoftMaker [2011.04.02 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Steinberg [2010.01.20 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Subversion [2009.11.01 23:03:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Talkback [2010.04.17 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TerraTec [2011.08.20 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ThumbsPlus [2009.12.08 22:38:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Thunderbird [2011.06.08 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TortoiseSVN [2011.09.12 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Tropico 3 [2011.12.16 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TuneUpMedia [2011.12.14 18:36:44 | 
000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs [2012.04.24 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Ubisoft [2011.09.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Viewer2 [2011.01.26 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\w.bloggar [2010.05.02 00:24:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom [2010.05.02 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2010.11.15 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WEB.DE [2012.06.13 14:09:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTablet [2010.05.02 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch [2011.03.03 01:52:14 | 000,000,000 | -HSD | M] -- C:\Users\(***)\AppData\Roaming\wyUpdate AU [2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > [2011.12.18 14:24:49 | 000,284,160 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\AceBIT\ASEOPS 8\Temp\tidy_de.exe [2011.12.18 14:24:49 | 000,282,624 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\AceBIT\ASEOPS 8\Temp\tidy_en.exe [2009.12.29 14:17:06 | 003,014,000 | ---- | M] (ASCOMP Software GmbH ) -- C:\Users\(***)\AppData\Roaming\ASCOMP Software\HDD-Booster\hddboost.exe [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\(***)\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.04.02 08:03:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2007.07.17 07:23:00 | 003,553,680 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe [2010.05.29 21:38:08 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe [2010.12.04 00:08:35 | 000,004,710 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}\ARPPRODUCTICON.exe [2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_02506422F3D2BE4CA37487.exe [2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_267C690D0AFBAADCB8FC6B.exe [2011.07.14 00:27:10 | 000,010,134 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_4F0256E95A66B02112203A.exe [2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_853F67D554F05449430E7E.exe [2009.11.29 19:44:47 | 000,029,926 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe [2012.04.17 19:42:39 | 000,031,232 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{8505C641-422E-4E3C-B6B0-0F070E289FDD}\Icon8505C6411.exe [2011.08.10 00:21:30 | 028,982,144 | ---- | M] (TuneUp Media, Inc.) 
-- C:\Users\(***)\AppData\Roaming\OpenCandy\30B3F734FEE94F99877E9994E73B89B4\TuneUpInst-2.2.1-cmp218.exe [2012.06.05 16:29:48 | 004,873,272 | ---- | M] (Heiko Sommerfeldt ) -- C:\Users\(***)\AppData\Roaming\PhonerLite\PhonerLiteSetup.exe [2007.11.28 13:03:40 | 000,523,776 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\SoftMaker\smun3250.exe < %SYSTEMDRIVE%\*.exe > [2004.03.10 23:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- 
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- 
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:E4421082D031DC8B < End of report > |
18.06.2012, 20:54 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Do an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 A2 F1 98 08 5B CA 01 [binary data]
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes,DefaultScope = {FC5B11C2-26A9-444D-9AA9-D657B68B6071}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}: "URL" = http://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
FF - user.js - File not found
[2010.04.28 12:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
[2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2004.03.10 23:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
@Alternate Data Stream - 48 bytes -> C:\Windows:E4421082D031DC8B
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
18.06.2012, 21:45 | #7 |
| Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.** OK, weiter geht's. Hier ist das Logfile nach dem OTL-Fix, nach Neustart: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}\ not found. Registry key HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully. C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully. C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully. C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found. File L:\LaunchU3.exe -a not found. C:\Users\(***)\AppData\Roaming\xmldm folder moved successfully. C:\Users\(***)\AppData\Roaming\kock folder moved successfully. C:\Users\(***)\AppData\Roaming\UAs folder moved successfully. C:\catgen.exe moved successfully. ADS C:\Windows:E4421082D031DC8B deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: (***) ->Temp folder emptied: 4200640459 bytes ->Temporary Internet Files folder emptied: 357706362 bytes ->Java cache emptied: 122806 bytes ->FireFox cache emptied: 815435857 bytes ->Google Chrome cache emptied: 375436427 bytes ->Apple Safari cache emptied: 4140032 bytes ->Opera cache emptied: 7087512 bytes ->Flash cache emptied: 4022430 bytes User: (****) ->Temp folder emptied: 35300 bytes ->Temporary Internet Files folder emptied: 6845366 bytes ->Flash cache emptied: 56504 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% 
.tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 2035712 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1321786703 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes RecycleBin emptied: 643231284 bytes Total Files Cleaned = 7.380,00 mb [EMPTYFLASH] User: All Users User: AppData User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: (***) ->Flash cache emptied: 0 bytes User: (****) ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.48.0 log created on 06182012_222521 Files\Folders moved on Reboot... C:\Users\(***)\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
I assume some kind of scan run comes next, to make sure as far as possible that everything worked. Right? Bangalorean |
18.06.2012, 21:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, more or less. We also still need to check for rootkits and, for example, examine the MBR. Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
18.06.2012, 22:23 | #9 |
| Hello Arne, by "normal mode" do you mean the opposite of admin mode? That is, User Account Control asks whether I want to run TDSS as admin. Yes or no? Thanks! Josef Here is the log from TDSSKiller. Code:
ATTFilter 23:53:15.0756 3492 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 23:53:15.0912 3492 ============================================================ 23:53:15.0912 3492 Current date / time: 2012/06/18 23:53:15.0912 23:53:15.0912 3492 SystemInfo: 23:53:15.0912 3492 23:53:15.0912 3492 OS Version: 6.1.7601 ServicePack: 1.0 23:53:15.0912 3492 Product type: Workstation 23:53:15.0912 3492 ComputerName: SIRIUS 23:53:15.0912 3492 UserName: (***) 23:53:15.0912 3492 Windows directory: C:\Windows 23:53:15.0912 3492 System windows directory: C:\Windows 23:53:15.0912 3492 Running under WOW64 23:53:15.0912 3492 Processor architecture: Intel x64 23:53:15.0912 3492 Number of processors: 2 23:53:15.0912 3492 Page size: 0x1000 23:53:15.0912 3492 Boot type: Normal boot 23:53:15.0912 3492 ============================================================ 23:53:16.0567 3492 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:53:16.0567 3492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:53:16.0567 3492 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:53:22.0770 3492 ============================================================ 23:53:22.0770 3492 \Device\Harddisk1\DR1: 23:53:22.0770 3492 MBR partitions: 23:53:22.0770 3492 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800 23:53:22.0770 3492 \Device\Harddisk0\DR0: 23:53:22.0770 3492 GPT partitions: 23:53:22.0772 3492 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B47BB0D5-BBC4-46F3-A7F0-ECF8CC0BCDAD}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000 
23:53:22.0772 3492 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6B5596DD-494A-41E4-B3B6-FDFFB75C3619}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3A345000 23:53:22.0772 3492 MBR partitions: 23:53:22.0772 3492 \Device\Harddisk2\DR2: 23:53:24.0710 3492 MBR partitions: 23:53:24.0710 3492 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1 23:53:24.0710 3492 ============================================================ 23:53:24.0803 3492 C: <-> \Device\Harddisk1\DR1\Partition0 23:53:24.0913 3492 E: <-> \Device\Harddisk2\DR2\Partition0 23:53:24.0913 3492 L: <-> \Device\Harddisk0\DR0\Partition1 23:53:24.0913 3492 ============================================================ 23:53:24.0913 3492 Initialize success 23:53:24.0913 3492 ============================================================ 23:53:52.0797 4612 ============================================================ 23:53:52.0797 4612 Scan started 23:53:52.0797 4612 Mode: Manual; SigCheck; TDLFS; 23:53:52.0797 4612 ============================================================ 23:53:53.0795 4612 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 23:53:53.0889 4612 1394ohci - ok 23:53:54.0076 4612 ABBYY.Licensing.FineReader.Professional.10.0 (309e130e78baf666d65395d950f30885) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe 23:53:54.0091 4612 ABBYY.Licensing.FineReader.Professional.10.0 - ok 23:53:54.0169 4612 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 23:53:54.0185 4612 ACPI - ok 23:53:54.0232 4612 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 23:53:54.0325 4612 AcpiPmi - ok 23:53:54.0357 4612 ACRUSBTM - ok 23:53:54.0450 4612 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:53:54.0466 4612 AdobeARMservice 
- ok 23:53:54.0544 4612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 23:53:54.0575 4612 adp94xx - ok 23:53:54.0606 4612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 23:53:54.0622 4612 adpahci - ok 23:53:54.0653 4612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 23:53:54.0653 4612 adpu320 - ok 23:53:54.0715 4612 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 23:53:54.0856 4612 AeLookupSvc - ok 23:53:54.0949 4612 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 23:53:55.0012 4612 AFD - ok 23:53:55.0059 4612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 23:53:55.0059 4612 agp440 - ok 23:53:55.0090 4612 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 23:53:55.0152 4612 ALG - ok 23:53:55.0199 4612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 23:53:55.0199 4612 aliide - ok 23:53:55.0215 4612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 23:53:55.0230 4612 amdide - ok 23:53:55.0293 4612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 23:53:55.0324 4612 AmdK8 - ok 23:53:55.0324 4612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 23:53:55.0355 4612 AmdPPM - ok 23:53:55.0433 4612 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 23:53:55.0449 4612 amdsata - ok 23:53:55.0464 4612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 23:53:55.0480 4612 amdsbs - ok 23:53:55.0527 4612 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 23:53:55.0527 4612 amdxata - ok 23:53:55.0589 4612 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys 23:53:55.0620 4612 AnyDVD - ok 23:53:55.0683 4612 AppID 
(89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 23:53:55.0839 4612 AppID - ok 23:53:55.0870 4612 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 23:53:55.0948 4612 AppIDSvc - ok 23:53:56.0010 4612 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 23:53:56.0057 4612 Appinfo - ok 23:53:56.0244 4612 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:53:56.0260 4612 Apple Mobile Device - ok 23:53:56.0307 4612 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 23:53:56.0307 4612 arc - ok 23:53:56.0322 4612 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 23:53:56.0338 4612 arcsas - ok 23:53:56.0556 4612 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 23:53:56.0587 4612 aspnet_state - ok 23:53:56.0619 4612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 23:53:56.0681 4612 AsyncMac - ok 23:53:56.0712 4612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 23:53:56.0728 4612 atapi - ok 23:53:56.0806 4612 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 23:53:56.0868 4612 AudioEndpointBuilder - ok 23:53:56.0884 4612 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 23:53:56.0915 4612 AudioSrv - ok 23:53:56.0993 4612 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys 23:53:57.0055 4612 avmaudio - ok 23:53:57.0118 4612 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 23:53:57.0196 4612 AxInstSV - ok 23:53:57.0258 4612 azvusb (9f4320ba8e7ce2342517b182a2f2c0e6) C:\Windows\system32\DRIVERS\azvusb.sys 23:53:57.0305 4612 azvusb - ok 23:53:57.0367 4612 b06bdrv (3e5b191307609f7514148c6832bb0842) 
C:\Windows\system32\DRIVERS\bxvbda.sys 23:53:57.0414 4612 b06bdrv - ok 23:53:57.0508 4612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 23:53:57.0555 4612 b57nd60a - ok 23:53:57.0633 4612 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 23:53:57.0648 4612 BDESVC - ok 23:53:57.0679 4612 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 23:53:57.0742 4612 Beep - ok 23:53:57.0820 4612 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 23:53:57.0867 4612 BFE - ok 23:53:57.0946 4612 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 23:53:58.0008 4612 BITS - ok 23:53:58.0086 4612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 23:53:58.0117 4612 blbdrive - ok 23:53:58.0289 4612 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 23:53:58.0304 4612 Bonjour Service - ok 23:53:58.0351 4612 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 23:53:58.0414 4612 bowser - ok 23:53:58.0460 4612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:53:58.0492 4612 BrFiltLo - ok 23:53:58.0507 4612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:53:58.0523 4612 BrFiltUp - ok 23:53:58.0570 4612 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 23:53:58.0632 4612 Browser - ok 23:53:58.0663 4612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 23:53:58.0741 4612 Brserid - ok 23:53:58.0741 4612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 23:53:58.0788 4612 BrSerWdm - ok 23:53:58.0804 4612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 23:53:58.0835 4612 BrUsbMdm - ok 23:53:58.0850 4612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) 
C:\Windows\System32\Drivers\BrUsbSer.sys 23:53:58.0897 4612 BrUsbSer - ok 23:53:58.0913 4612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 23:53:58.0944 4612 BTHMODEM - ok 23:53:59.0006 4612 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 23:53:59.0053 4612 bthserv - ok 23:53:59.0178 4612 camdrv42 (19c8e65dc74d8240c3c8be0f8751b17e) C:\Windows\system32\DRIVERS\camdrv42.sys 23:53:59.0240 4612 camdrv42 - ok 23:53:59.0412 4612 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 23:53:59.0443 4612 cdfs - ok 23:53:59.0506 4612 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 23:53:59.0537 4612 cdrom - ok 23:53:59.0599 4612 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 23:53:59.0662 4612 CertPropSvc - ok 23:53:59.0693 4612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 23:53:59.0724 4612 circlass - ok 23:53:59.0771 4612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 23:53:59.0786 4612 CLFS - ok 23:53:59.0896 4612 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:53:59.0911 4612 clr_optimization_v2.0.50727_32 - ok 23:53:59.0942 4612 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:53:59.0958 4612 clr_optimization_v2.0.50727_64 - ok 23:54:00.0036 4612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:54:00.0114 4612 clr_optimization_v4.0.30319_32 - ok 23:54:00.0161 4612 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:54:00.0192 4612 clr_optimization_v4.0.30319_64 - ok 23:54:00.0270 4612 CmBatt (0840155d0bddf1190f84a663c284bd33) 
C:\Windows\system32\DRIVERS\CmBatt.sys 23:54:00.0286 4612 CmBatt - ok 23:54:00.0332 4612 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 23:54:00.0348 4612 cmdide - ok 23:54:00.0410 4612 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 23:54:00.0426 4612 CNG - ok 23:54:00.0457 4612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 23:54:00.0473 4612 Compbatt - ok 23:54:00.0520 4612 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 23:54:00.0551 4612 CompositeBus - ok 23:54:00.0551 4612 COMSysApp - ok 23:54:00.0566 4612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 23:54:00.0582 4612 crcdisk - ok 23:54:00.0644 4612 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 23:54:00.0691 4612 CryptSvc - ok 23:54:00.0769 4612 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys 23:54:00.0769 4612 ctxusbm - ok 23:54:00.0847 4612 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 23:54:00.0910 4612 DcomLaunch - ok 23:54:00.0956 4612 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 23:54:01.0003 4612 defragsvc - ok 23:54:01.0066 4612 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 23:54:01.0128 4612 DfsC - ok 23:54:01.0190 4612 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 23:54:01.0222 4612 Dhcp - ok 23:54:01.0268 4612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 23:54:01.0331 4612 discache - ok 23:54:01.0378 4612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 23:54:01.0393 4612 Disk - ok 23:54:01.0409 4612 DlinkUDSMBus - ok 23:54:01.0471 4612 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 23:54:01.0534 4612 Dnscache - ok 23:54:01.0596 4612 
dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 23:54:01.0690 4612 dot3svc - ok 23:54:01.0736 4612 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys 23:54:01.0768 4612 Dot4 - ok 23:54:01.0846 4612 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys 23:54:01.0861 4612 Dot4Print - ok 23:54:01.0908 4612 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys 23:54:01.0939 4612 Dot4Scan - ok 23:54:01.0986 4612 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys 23:54:02.0017 4612 dot4usb - ok 23:54:02.0064 4612 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 23:54:02.0111 4612 DPS - ok 23:54:02.0142 4612 DRHARD - ok 23:54:02.0220 4612 DRHARD64 (d62d1103d49f115b2ff765e638aab36e) C:\Windows\system32\drivers\DRHARD64.sys 23:54:02.0236 4612 DRHARD64 - ok 23:54:02.0251 4612 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 23:54:02.0282 4612 drmkaud - ok 23:54:02.0376 4612 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 23:54:02.0392 4612 DXGKrnl - ok 23:54:02.0470 4612 eamonm (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys 23:54:02.0470 4612 eamonm - ok 23:54:02.0516 4612 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 23:54:02.0579 4612 EapHost - ok 23:54:02.0735 4612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 23:54:02.0813 4612 ebdrv - ok 23:54:02.0953 4612 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 23:54:03.0016 4612 EFS - ok 23:54:03.0125 4612 ehdrv (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys 23:54:03.0140 4612 ehdrv - ok 23:54:03.0218 4612 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 23:54:03.0250 4612 ehRecvr - ok 23:54:03.0312 4612 ehSched 
(4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 23:54:03.0343 4612 ehSched - ok 23:54:03.0546 4612 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe 23:54:03.0562 4612 ekrn - ok 23:54:03.0733 4612 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 23:54:03.0749 4612 ElbyCDIO - ok 23:54:03.0811 4612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 23:54:03.0842 4612 elxstor - ok 23:54:03.0889 4612 epfwwfpr (3ebb7fd3c605262b942868a1d840f4f1) C:\Windows\system32\DRIVERS\epfwwfpr.sys 23:54:03.0905 4612 epfwwfpr - ok 23:54:03.0936 4612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 23:54:03.0967 4612 ErrDev - ok 23:54:04.0045 4612 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 23:54:04.0092 4612 EventSystem - ok 23:54:04.0108 4612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 23:54:04.0170 4612 exfat - ok 23:54:04.0326 4612 ezGOSvc (bc680dc833672e54db07f5f39d259b03) C:\Windows\SysWOW64\ezGOSvc.dll 23:54:04.0342 4612 ezGOSvc - ok 23:54:04.0357 4612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 23:54:04.0420 4612 fastfat - ok 23:54:04.0513 4612 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 23:54:04.0560 4612 Fax - ok 23:54:04.0560 4612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 23:54:04.0576 4612 fdc - ok 23:54:04.0622 4612 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 23:54:04.0685 4612 fdPHost - ok 23:54:04.0716 4612 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 23:54:04.0763 4612 FDResPub - ok 23:54:04.0794 4612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 23:54:04.0794 4612 FileInfo - ok 23:54:04.0810 4612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) 
C:\Windows\system32\drivers\filetrace.sys 23:54:04.0872 4612 Filetrace - ok 23:54:04.0903 4612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 23:54:04.0919 4612 flpydisk - ok 23:54:04.0966 4612 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 23:54:04.0981 4612 FltMgr - ok 23:54:05.0075 4612 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 23:54:05.0153 4612 FontCache - ok 23:54:05.0309 4612 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:54:05.0324 4612 FontCache3.0.0.0 - ok 23:54:05.0418 4612 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 23:54:05.0434 4612 FsDepends - ok 23:54:05.0480 4612 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 23:54:05.0480 4612 Fs_Rec - ok 23:54:05.0543 4612 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 23:54:05.0558 4612 fvevol - ok 23:54:05.0590 4612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 23:54:05.0605 4612 gagp30kx - ok 23:54:05.0652 4612 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:54:05.0668 4612 GEARAspiWDM - ok 23:54:05.0730 4612 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 23:54:05.0792 4612 gpsvc - ok 23:54:05.0964 4612 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:54:05.0980 4612 gupdate - ok 23:54:06.0011 4612 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:54:06.0011 4612 gupdatem - ok 23:54:06.0042 4612 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 23:54:06.0058 4612 hcw85cir - ok 23:54:06.0136 4612 HdAudAddService (975761c778e33cd22498059b91e7373a) 
C:\Windows\system32\drivers\HdAudio.sys 23:54:06.0151 4612 HdAudAddService - ok 23:54:06.0214 4612 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 23:54:06.0260 4612 HDAudBus - ok 23:54:06.0276 4612 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 23:54:06.0307 4612 HidBatt - ok 23:54:06.0323 4612 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 23:54:06.0370 4612 HidBth - ok 23:54:06.0385 4612 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 23:54:06.0432 4612 HidIr - ok 23:54:06.0463 4612 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 23:54:06.0510 4612 hidserv - ok 23:54:06.0572 4612 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 23:54:06.0588 4612 HidUsb - ok 23:54:06.0635 4612 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 23:54:06.0682 4612 hkmsvc - ok 23:54:06.0744 4612 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 23:54:06.0775 4612 HomeGroupListener - ok 23:54:06.0838 4612 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 23:54:06.0853 4612 HomeGroupProvider - ok 23:54:06.0931 4612 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 23:54:06.0947 4612 HpSAMD - ok 23:54:07.0025 4612 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 23:54:07.0087 4612 HTTP - ok 23:54:07.0118 4612 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 23:54:07.0134 4612 hwpolicy - ok 23:54:07.0181 4612 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 23:54:07.0196 4612 i8042prt - ok 23:54:07.0259 4612 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 23:54:07.0274 4612 iaStorV - ok 23:54:07.0446 4612 IDriverT 
(6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 23:54:07.0477 4612 IDriverT ( UnsignedFile.Multi.Generic ) - warning 23:54:07.0477 4612 IDriverT - detected UnsignedFile.Multi.Generic (1) 23:54:07.0618 4612 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:54:07.0649 4612 idsvc - ok 23:54:07.0742 4612 IDVistaService (704c3164cf06a67886c305ea3677510b) C:\Program Files (x86)\Input Director\IDVistaService.exe 23:54:07.0758 4612 IDVistaService ( UnsignedFile.Multi.Generic ) - warning 23:54:07.0758 4612 IDVistaService - detected UnsignedFile.Multi.Generic (1) 23:54:07.0945 4612 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 23:54:07.0945 4612 iirsp - ok 23:54:08.0023 4612 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 23:54:08.0117 4612 IKEEXT - ok 23:54:08.0148 4612 InputDirector (fb7f9fad063ae5269a6147e3a48acd03) C:\Program Files (x86)\Input Director\IDWinService.exe 23:54:08.0164 4612 InputDirector ( UnsignedFile.Multi.Generic ) - warning 23:54:08.0164 4612 InputDirector - detected UnsignedFile.Multi.Generic (1) 23:54:08.0210 4612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 23:54:08.0210 4612 intelide - ok 23:54:08.0242 4612 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 23:54:08.0273 4612 intelppm - ok 23:54:08.0304 4612 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 23:54:08.0366 4612 IPBusEnum - ok 23:54:08.0398 4612 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:54:08.0429 4612 IpFilterDriver - ok 23:54:08.0507 4612 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 23:54:08.0554 4612 iphlpsvc - ok 23:54:08.0600 4612 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) 
C:\Windows\system32\drivers\IPMIDrv.sys 23:54:08.0600 4612 IPMIDRV - ok 23:54:08.0616 4612 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 23:54:08.0678 4612 IPNAT - ok 23:54:08.0866 4612 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 23:54:08.0881 4612 iPod Service - ok 23:54:08.0912 4612 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 23:54:08.0944 4612 IRENUM - ok 23:54:08.0975 4612 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 23:54:08.0990 4612 isapnp - ok 23:54:09.0006 4612 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 23:54:09.0022 4612 iScsiPrt - ok 23:54:09.0053 4612 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 23:54:09.0068 4612 kbdclass - ok 23:54:09.0131 4612 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 23:54:09.0131 4612 kbdhid - ok 23:54:09.0178 4612 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:54:09.0193 4612 KeyIso - ok 23:54:09.0209 4612 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 23:54:09.0209 4612 KSecDD - ok 23:54:09.0224 4612 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 23:54:09.0240 4612 KSecPkg - ok 23:54:09.0240 4612 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 23:54:09.0302 4612 ksthunk - ok 23:54:09.0334 4612 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 23:54:09.0396 4612 KtmRm - ok 23:54:09.0443 4612 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 23:54:09.0490 4612 LanmanServer - ok 23:54:09.0536 4612 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 23:54:09.0583 4612 LanmanWorkstation - ok 23:54:09.0614 4612 lltdio (1538831cf8ad2979a04c423779465827) 
C:\Windows\system32\DRIVERS\lltdio.sys 23:54:09.0677 4612 lltdio - ok 23:54:09.0724 4612 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 23:54:09.0770 4612 lltdsvc - ok 23:54:09.0802 4612 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 23:54:09.0833 4612 lmhosts - ok 23:54:09.0895 4612 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 23:54:09.0895 4612 LSI_FC - ok 23:54:09.0926 4612 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 23:54:09.0926 4612 LSI_SAS - ok 23:54:09.0942 4612 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:54:09.0958 4612 LSI_SAS2 - ok 23:54:09.0973 4612 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:54:09.0989 4612 LSI_SCSI - ok 23:54:10.0020 4612 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 23:54:10.0051 4612 luafv - ok 23:54:10.0114 4612 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys 23:54:10.0145 4612 MarvinBus - ok 23:54:10.0301 4612 MatSvc (17f118a3123a566a538341a62e4d8d35) C:\Program Files\Microsoft Fix it Center\Matsvc.exe 23:54:10.0316 4612 MatSvc - ok 23:54:10.0410 4612 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 23:54:10.0426 4612 MBAMProtector - ok 23:54:10.0519 4612 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 23:54:10.0535 4612 MBAMService - ok 23:54:10.0582 4612 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 23:54:10.0613 4612 Mcx2Svc - ok 23:54:10.0660 4612 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 23:54:10.0660 4612 megasas - ok 23:54:10.0691 4612 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 23:54:10.0706 4612 MegaSR - ok 23:54:10.0769 4612 
MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:54:10.0816 4612 MMCSS - ok 23:54:10.0878 4612 mod7700 (7ab7e3009b17e13c5bafc57ec5724ccf) C:\Windows\system32\DRIVERS\mod7700.sys 23:54:10.0894 4612 mod7700 - ok 23:54:10.0909 4612 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 23:54:10.0956 4612 Modem - ok 23:54:11.0003 4612 MODRC (7071044fbcb23b47177e866a4f2ee802) C:\Windows\system32\DRIVERS\modrc.sys 23:54:11.0018 4612 MODRC - ok 23:54:11.0065 4612 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 23:54:11.0096 4612 monitor - ok 23:54:11.0174 4612 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 23:54:11.0174 4612 mouclass - ok 23:54:11.0252 4612 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 23:54:11.0268 4612 mouhid - ok 23:54:11.0315 4612 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 23:54:11.0315 4612 mountmgr - ok 23:54:11.0440 4612 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:54:11.0455 4612 MozillaMaintenance - ok 23:54:11.0502 4612 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 23:54:11.0502 4612 mpio - ok 23:54:11.0533 4612 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 23:54:11.0564 4612 mpsdrv - ok 23:54:11.0658 4612 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 23:54:11.0720 4612 MpsSvc - ok 23:54:11.0767 4612 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 23:54:11.0798 4612 MRxDAV - ok 23:54:11.0830 4612 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 23:54:11.0892 4612 mrxsmb - ok 23:54:11.0954 4612 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:54:12.0001 4612 mrxsmb10 - ok 
23:54:12.0048 4612 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:54:12.0048 4612 mrxsmb20 - ok 23:54:12.0110 4612 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 23:54:12.0110 4612 msahci - ok 23:54:12.0157 4612 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 23:54:12.0173 4612 msdsm - ok 23:54:12.0220 4612 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 23:54:12.0235 4612 MSDTC - ok 23:54:12.0282 4612 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 23:54:12.0329 4612 Msfs - ok 23:54:12.0329 4612 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 23:54:12.0376 4612 mshidkmdf - ok 23:54:12.0407 4612 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 23:54:12.0422 4612 msisadrv - ok 23:54:12.0485 4612 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 23:54:12.0516 4612 MSiSCSI - ok 23:54:12.0532 4612 msiserver - ok 23:54:12.0547 4612 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 23:54:12.0610 4612 MSKSSRV - ok 23:54:12.0641 4612 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 23:54:12.0688 4612 MSPCLOCK - ok 23:54:12.0719 4612 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 23:54:12.0781 4612 MSPQM - ok 23:54:12.0828 4612 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 23:54:12.0844 4612 MsRPC - ok 23:54:12.0859 4612 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 23:54:12.0875 4612 mssmbios - ok 23:54:12.0875 4612 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 23:54:12.0937 4612 MSTEE - ok 23:54:12.0953 4612 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 23:54:12.0968 4612 
MTConfig - ok 23:54:12.0984 4612 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 23:54:13.0000 4612 Mup - ok 23:54:13.0078 4612 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 23:54:13.0124 4612 napagent - ok 23:54:13.0171 4612 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 23:54:13.0218 4612 NativeWifiP - ok 23:54:13.0452 4612 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe 23:54:13.0468 4612 NAUpdate - ok 23:54:13.0530 4612 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 23:54:13.0561 4612 NDIS - ok 23:54:13.0577 4612 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 23:54:13.0624 4612 NdisCap - ok 23:54:13.0639 4612 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 23:54:13.0702 4612 NdisTapi - ok 23:54:13.0733 4612 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 23:54:13.0795 4612 Ndisuio - ok 23:54:13.0842 4612 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 23:54:13.0889 4612 NdisWan - ok 23:54:13.0936 4612 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 23:54:13.0982 4612 NDProxy - ok 23:54:14.0170 4612 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 23:54:14.0201 4612 Nero BackItUp Scheduler 4.0 - ok 23:54:14.0263 4612 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll 23:54:14.0279 4612 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:54:14.0279 4612 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:54:14.0341 4612 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 23:54:14.0404 4612 NetBIOS - ok 23:54:14.0450 4612 NetBT 
(09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 23:54:14.0497 4612 NetBT - ok 23:54:14.0528 4612 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:54:14.0544 4612 Netlogon - ok 23:54:14.0606 4612 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 23:54:14.0653 4612 Netman - ok 23:54:14.0778 4612 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:54:14.0778 4612 NetMsmqActivator - ok 23:54:14.0794 4612 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:54:14.0794 4612 NetPipeActivator - ok 23:54:14.0825 4612 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 23:54:14.0887 4612 netprofm - ok 23:54:14.0887 4612 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:54:14.0903 4612 NetTcpActivator - ok 23:54:14.0903 4612 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:54:14.0918 4612 NetTcpPortSharing - ok 23:54:15.0028 4612 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 23:54:15.0043 4612 nfrd960 - ok 23:54:15.0106 4612 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 23:54:15.0152 4612 NlaSvc - ok 23:54:15.0215 4612 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys 23:54:15.0230 4612 NPF - ok 23:54:15.0246 4612 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 23:54:15.0277 4612 Npfs - ok 23:54:15.0324 4612 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 23:54:15.0386 4612 nsi - ok 23:54:15.0418 4612 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 23:54:15.0464 4612 nsiproxy - ok 23:54:15.0574 4612 Ntfs (a2f74975097f52a00745f9637451fdd8) 
C:\Windows\system32\drivers\Ntfs.sys 23:54:15.0620 4612 Ntfs - ok 23:54:15.0776 4612 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 23:54:15.0839 4612 Null - ok 23:54:16.0447 4612 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:54:16.0634 4612 nvlddmkm - ok 23:54:16.0744 4612 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 23:54:16.0759 4612 nvraid - ok 23:54:16.0806 4612 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 23:54:16.0822 4612 nvstor - ok 23:54:16.0915 4612 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe 23:54:16.0931 4612 nvsvc - ok 23:54:17.0134 4612 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 23:54:17.0165 4612 nvUpdatusService - ok 23:54:17.0305 4612 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 23:54:17.0321 4612 nv_agp - ok 23:54:17.0368 4612 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 23:54:17.0383 4612 ohci1394 - ok 23:54:17.0492 4612 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:54:17.0508 4612 ose - ok 23:54:17.0804 4612 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:54:17.0882 4612 osppsvc - ok 23:54:18.0023 4612 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:54:18.0070 4612 p2pimsvc - ok 23:54:18.0132 4612 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 23:54:18.0148 4612 p2psvc - ok 23:54:18.0210 4612 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 23:54:18.0241 4612 Parport - ok 23:54:18.0288 4612 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 
23:54:18.0288 4612 partmgr - ok 23:54:18.0319 4612 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 23:54:18.0350 4612 PcaSvc - ok 23:54:18.0366 4612 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 23:54:18.0382 4612 pci - ok 23:54:18.0413 4612 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 23:54:18.0413 4612 pciide - ok 23:54:18.0444 4612 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 23:54:18.0460 4612 pcmcia - ok 23:54:18.0475 4612 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 23:54:18.0491 4612 pcw - ok 23:54:18.0522 4612 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 23:54:18.0584 4612 PEAUTH - ok 23:54:18.0694 4612 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 23:54:18.0725 4612 PerfHost - ok 23:54:18.0881 4612 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 23:54:18.0943 4612 pla - ok 23:54:19.0037 4612 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 23:54:19.0052 4612 PlugPlay - ok 23:54:19.0130 4612 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll 23:54:19.0146 4612 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:54:19.0146 4612 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:54:19.0193 4612 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 23:54:19.0224 4612 PNRPAutoReg - ok 23:54:19.0271 4612 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:54:19.0286 4612 PNRPsvc - ok 23:54:19.0349 4612 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 23:54:19.0411 4612 PolicyAgent - ok 23:54:19.0458 4612 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 23:54:19.0520 4612 Power - ok 23:54:19.0630 4612 PptpMiniport 
(f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 23:54:19.0661 4612 PptpMiniport - ok 23:54:19.0708 4612 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 23:54:19.0739 4612 Processor - ok 23:54:19.0817 4612 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 23:54:19.0879 4612 ProfSvc - ok 23:54:19.0910 4612 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:54:19.0926 4612 ProtectedStorage - ok 23:54:19.0988 4612 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 23:54:20.0035 4612 Psched - ok 23:54:20.0113 4612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 23:54:20.0160 4612 ql2300 - ok 23:54:20.0332 4612 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 23:54:20.0347 4612 ql40xx - ok 23:54:20.0394 4612 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 23:54:20.0425 4612 QWAVE - ok 23:54:20.0441 4612 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 23:54:20.0472 4612 QWAVEdrv - ok 23:54:20.0488 4612 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 23:54:20.0534 4612 RasAcd - ok 23:54:20.0597 4612 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 23:54:20.0644 4612 RasAgileVpn - ok 23:54:20.0675 4612 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 23:54:20.0722 4612 RasAuto - ok 23:54:20.0768 4612 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:54:20.0815 4612 Rasl2tp - ok 23:54:20.0831 4612 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 23:54:20.0878 4612 RasMan - ok 23:54:20.0924 4612 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 23:54:21.0018 4612 RasPppoe - ok 23:54:21.0080 4612 RasSstp 
(e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 23:54:21.0127 4612 RasSstp - ok 23:54:21.0190 4612 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 23:54:21.0221 4612 rdbss - ok 23:54:21.0236 4612 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 23:54:21.0268 4612 rdpbus - ok 23:54:21.0299 4612 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 23:54:21.0330 4612 RDPCDD - ok 23:54:21.0346 4612 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 23:54:21.0408 4612 RDPENCDD - ok 23:54:21.0408 4612 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 23:54:21.0439 4612 RDPREFMP - ok 23:54:21.0486 4612 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 23:54:21.0517 4612 RDPWD - ok 23:54:21.0564 4612 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 23:54:21.0580 4612 rdyboost - ok 23:54:21.0642 4612 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 23:54:21.0689 4612 RemoteAccess - ok 23:54:21.0736 4612 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 23:54:21.0798 4612 RemoteRegistry - ok 23:54:21.0829 4612 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 23:54:21.0876 4612 RimUsb - ok 23:54:21.0970 4612 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe 23:54:21.0985 4612 rpcapd - ok 23:54:22.0048 4612 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 23:54:22.0094 4612 RpcEptMapper - ok 23:54:22.0110 4612 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 23:54:22.0141 4612 RpcLocator - ok 23:54:22.0204 4612 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 23:54:22.0235 4612 RpcSs - ok 23:54:22.0297 4612 rspndr 
(ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 23:54:22.0328 4612 rspndr - ok 23:54:22.0375 4612 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 23:54:22.0391 4612 RTL8167 - ok 23:54:22.0453 4612 SaiHF51A (6571f3e998dbfed96b2e00902657b7dd) C:\Windows\system32\DRIVERS\SaiHF51A.sys 23:54:22.0469 4612 SaiHF51A - ok 23:54:22.0531 4612 SaiUF51A (eabba7b9299a07bcc36c8f814c2a2bc5) C:\Windows\system32\DRIVERS\SaiUF51A.sys 23:54:22.0578 4612 SaiUF51A - ok 23:54:22.0609 4612 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:54:22.0625 4612 SamSs - ok 23:54:22.0672 4612 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 23:54:22.0687 4612 sbp2port - ok 23:54:22.0843 4612 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 23:54:22.0874 4612 SBSDWSCService - ok 23:54:22.0921 4612 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 23:54:22.0968 4612 SCardSvr - ok 23:54:23.0062 4612 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 23:54:23.0124 4612 scfilter - ok 23:54:23.0218 4612 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 23:54:23.0264 4612 Schedule - ok 23:54:23.0327 4612 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 23:54:23.0358 4612 SCPolicySvc - ok 23:54:23.0405 4612 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 23:54:23.0452 4612 SDRSVC - ok 23:54:23.0514 4612 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 23:54:23.0561 4612 secdrv - ok 23:54:23.0608 4612 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 23:54:23.0654 4612 seclogon - ok 23:54:23.0686 4612 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 23:54:23.0748 4612 SENS - ok 23:54:23.0748 4612 SensrSvc 
(0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 23:54:23.0795 4612 SensrSvc - ok 23:54:23.0826 4612 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 23:54:23.0842 4612 Serenum - ok 23:54:23.0857 4612 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 23:54:23.0888 4612 Serial - ok 23:54:23.0935 4612 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 23:54:23.0935 4612 sermouse - ok 23:54:23.0998 4612 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 23:54:24.0044 4612 SessionEnv - ok 23:54:24.0091 4612 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 23:54:24.0122 4612 sffdisk - ok 23:54:24.0138 4612 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 23:54:24.0154 4612 sffp_mmc - ok 23:54:24.0169 4612 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 23:54:24.0200 4612 sffp_sd - ok 23:54:24.0216 4612 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 23:54:24.0247 4612 sfloppy - ok 23:54:24.0310 4612 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 23:54:24.0372 4612 SharedAccess - ok 23:54:24.0434 4612 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 23:54:24.0466 4612 ShellHWDetection - ok 23:54:24.0497 4612 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:54:24.0497 4612 SiSRaid2 - ok 23:54:24.0528 4612 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 23:54:24.0528 4612 SiSRaid4 - ok 23:54:24.0637 4612 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 23:54:24.0653 4612 SkypeUpdate - ok 23:54:24.0684 4612 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 23:54:24.0715 4612 Smb - 
ok 23:54:24.0778 4612 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 23:54:24.0809 4612 SNMPTRAP - ok 23:54:24.0887 4612 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe 23:54:24.0918 4612 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning 23:54:24.0918 4612 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1) 23:54:24.0934 4612 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 23:54:24.0949 4612 spldr - ok 23:54:25.0027 4612 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 23:54:25.0058 4612 Spooler - ok 23:54:25.0246 4612 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 23:54:25.0339 4612 sppsvc - ok 23:54:25.0464 4612 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 23:54:25.0511 4612 sppuinotify - ok 23:54:25.0620 4612 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 23:54:25.0667 4612 srv - ok 23:54:25.0729 4612 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 23:54:25.0776 4612 srv2 - ok 23:54:25.0807 4612 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 23:54:25.0854 4612 srvnet - ok 23:54:25.0901 4612 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 23:54:25.0948 4612 SSDPSRV - ok 23:54:25.0979 4612 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 23:54:26.0010 4612 SstpSvc - ok 23:54:26.0182 4612 StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe 23:54:26.0197 4612 StarMoney 7.0 OnlineUpdate - ok 23:54:26.0369 4612 StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe 23:54:26.0400 4612 StarMoney 8.0 
OnlineUpdate - ok 23:54:26.0431 4612 Steam Client Service - ok 23:54:26.0540 4612 Stereo Service (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 23:54:26.0556 4612 Stereo Service - ok 23:54:26.0743 4612 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 23:54:26.0759 4612 stexstor - ok 23:54:26.0837 4612 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 23:54:26.0884 4612 stisvc - ok 23:54:26.0930 4612 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 23:54:26.0930 4612 swenum - ok 23:54:26.0993 4612 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 23:54:27.0055 4612 swprv - ok 23:54:27.0118 4612 SynasUSB (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys 23:54:27.0133 4612 SynasUSB - ok 23:54:27.0242 4612 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 23:54:27.0289 4612 SysMain - ok 23:54:27.0445 4612 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 23:54:27.0476 4612 TabletInputService - ok 23:54:27.0788 4612 TabletServicePen (b5b736216ff7c71d320bf493825752a1) C:\Windows\system32\Pen_Tablet.exe 23:54:27.0898 4612 TabletServicePen - ok 23:54:28.0022 4612 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys 23:54:28.0038 4612 tap0901 - ok 23:54:28.0069 4612 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 23:54:28.0132 4612 TapiSrv - ok 23:54:28.0147 4612 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 23:54:28.0210 4612 TBS - ok 23:54:28.0334 4612 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 23:54:28.0381 4612 Tcpip - ok 23:54:28.0506 4612 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 23:54:28.0537 4612 TCPIP6 - ok 23:54:28.0615 4612 tcpipreg 
(df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 23:54:28.0662 4612 tcpipreg - ok 23:54:28.0693 4612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 23:54:28.0740 4612 TDPIPE - ok 23:54:28.0787 4612 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 23:54:28.0818 4612 TDTCP - ok 23:54:28.0880 4612 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 23:54:28.0943 4612 tdx - ok 23:54:28.0974 4612 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 23:54:28.0990 4612 TermDD - ok 23:54:29.0068 4612 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 23:54:29.0130 4612 TermService - ok 23:54:29.0161 4612 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 23:54:29.0192 4612 Themes - ok 23:54:29.0239 4612 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:54:29.0270 4612 THREADORDER - ok 23:54:29.0286 4612 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 23:54:29.0348 4612 TrkWks - ok 23:54:29.0426 4612 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 23:54:29.0489 4612 TrustedInstaller - ok 23:54:29.0520 4612 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:54:29.0551 4612 tssecsrv - ok 23:54:29.0629 4612 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 23:54:29.0676 4612 TsUsbFlt - ok 23:54:29.0754 4612 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 23:54:29.0801 4612 tunnel - ok 23:54:29.0848 4612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 23:54:29.0863 4612 uagp35 - ok 23:54:29.0910 4612 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 23:54:29.0957 4612 udfs - ok 23:54:29.0988 4612 UI0Detect 
(3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 23:54:30.0019 4612 UI0Detect - ok 23:54:30.0066 4612 uiwbrdr (795a7905a23bac7205fbd3004c415ff8) C:\Windows\system32\DRIVERS\uiwbrdr.sys 23:54:30.0082 4612 uiwbrdr - ok 23:54:30.0144 4612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 23:54:30.0160 4612 uliagpkx - ok 23:54:30.0206 4612 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 23:54:30.0222 4612 umbus - ok 23:54:30.0238 4612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 23:54:30.0238 4612 UmPass - ok 23:54:30.0284 4612 UnlockerDriver5 - ok 23:54:30.0316 4612 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 23:54:30.0378 4612 upnphost - ok 23:54:30.0440 4612 USB28xxBGA (189c5eea2b204055e4bc8cf62eebff11) C:\Windows\system32\DRIVERS\emBDA64.sys 23:54:30.0456 4612 USB28xxBGA - ok 23:54:30.0487 4612 USB28xxOEM (2b124cc557fefdd1ac8a585522441afc) C:\Windows\system32\DRIVERS\emOEM64.sys 23:54:30.0518 4612 USB28xxOEM - ok 23:54:30.0565 4612 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 23:54:30.0612 4612 USBAAPL64 - ok 23:54:30.0674 4612 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 23:54:30.0690 4612 usbaudio - ok 23:54:30.0737 4612 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 23:54:30.0799 4612 usbccgp - ok 23:54:30.0815 4612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 23:54:30.0830 4612 usbcir - ok 23:54:30.0877 4612 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 23:54:30.0908 4612 usbehci - ok 23:54:30.0955 4612 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 23:54:30.0971 4612 usbhub - ok 23:54:30.0986 4612 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 
23:54:31.0018 4612 usbohci - ok 23:54:31.0049 4612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 23:54:31.0080 4612 usbprint - ok 23:54:31.0127 4612 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:54:31.0189 4612 USBSTOR - ok 23:54:31.0205 4612 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 23:54:31.0236 4612 usbuhci - ok 23:54:31.0267 4612 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 23:54:31.0330 4612 UxSms - ok 23:54:31.0361 4612 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:54:31.0376 4612 VaultSvc - ok 23:54:31.0423 4612 VBoxDrv (ba20a718e25228b9d69d72e4f19edeb5) C:\Windows\system32\DRIVERS\VBoxDrv.sys 23:54:31.0439 4612 VBoxDrv - ok 23:54:31.0501 4612 VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 23:54:31.0517 4612 VBoxNetAdp - ok 23:54:31.0564 4612 VBoxNetFlt (8b86a00d13e2dcbfe320061f3435faff) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 23:54:31.0579 4612 VBoxNetFlt - ok 23:54:31.0626 4612 VBoxUSBMon (cec73cea22b7258c0a8f2354dc49d25c) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 23:54:31.0642 4612 VBoxUSBMon - ok 23:54:31.0704 4612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 23:54:31.0720 4612 vdrvroot - ok 23:54:31.0782 4612 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 23:54:31.0813 4612 vds - ok 23:54:31.0876 4612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 23:54:31.0891 4612 vga - ok 23:54:31.0907 4612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 23:54:31.0954 4612 VgaSave - ok 23:54:32.0000 4612 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 23:54:32.0016 4612 vhdmp - ok 23:54:32.0047 4612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 23:54:32.0063 4612 
(9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:54:36.0602 4612 WwanSvc - ok
23:54:36.0680 4612 ZOOM_R16MTR (ee1afbad9d66a722e3b2b64577f44119) C:\Windows\system32\Drivers\zmr16usbaudio.sys
23:54:36.0696 4612 ZOOM_R16MTR - ok
23:54:36.0712 4612 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:54:36.0992 4612 \Device\Harddisk1\DR1 - ok
23:54:36.0992 4612 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
23:54:37.0070 4612 \Device\Harddisk0\DR0 - ok
23:54:37.0070 4612 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR2
23:54:37.0461 4612 \Device\Harddisk2\DR2 - ok
23:54:37.0461 4612 Boot (0x1200) (d2316ff34bfa834fb9b062a3e3e78563) \Device\Harddisk1\DR1\Partition0
23:54:37.0461 4612 \Device\Harddisk1\DR1\Partition0 - ok
23:54:37.0477 4612 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
23:54:37.0477 4612 \Device\Harddisk0\DR0\Partition0 - ok
23:54:37.0477 4612 Boot (0x1200) (a0c416bbabd56eace03bb9a5c7a2d356) \Device\Harddisk0\DR0\Partition1
23:54:37.0477 4612 \Device\Harddisk0\DR0\Partition1 - ok
23:54:37.0477 4612 Boot (0x1200) (7e70df8c904c80a0d8aebd1842226e38) \Device\Harddisk2\DR2\Partition0
23:54:37.0477 4612 \Device\Harddisk2\DR2\Partition0 - ok
23:54:37.0493 4612 ============================================================
23:54:37.0493 4612 Scan finished
23:54:37.0493 4612 ============================================================
23:54:37.0493 4740 Detected object count: 6
23:54:37.0493 4740 Actual detected object count: 6
23:54:58.0194 4740 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:54:58.0194 4740 IDVistaService ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740 IDVistaService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:54:58.0194 4740 InputDirector ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740 InputDirector ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:54:58.0194 4740 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:54:58.0194 4740 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:54:58.0194 4740 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:15.0448 3592 Deinitialize success
The other four finds have not introduced themselves to me. I'm curious to see how things go from here. Best regards, Bangalorean |
19.06.2012, 07:50 | #10 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** No, normal mode is the normal startup mode and, if you like, the opposite of safe mode. Quote:
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
19.06.2012, 09:24 | #11 |
| Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** Thanks for the pointer about "normal" mode :-) - I then noticed that I can't start TDSSkiller at all without being admin... Oh well, it was already late yesterday. So here is the ComboFix log file: Code:
See you soon, Bangalorean |
19.06.2012, 11:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
19.06.2012, 23:31 | #13 |
| Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** So, the next collection of log files is ready. All in all, that took longer than expected. First, GMER. I'm not sure whether GMER finished cleanly; here are the log file snippets I got: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-19 19:07:57
Windows 6.1.7601 Service Pack 1
Running: ykdd1yfj.exe
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}@namgeocfjjgddjkicebbepkinaac 0x6B 0x61 0x62 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}@oachipbjdagmhaaicdlponopjachhh 0x6B 0x61 0x62 0x6B ...
---- EOF - GMER 1.0.15 ----

Then on to OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:02:27 on 19.06.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 13.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job" - "Facebook Inc." - C:\Users\(***)\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job" - "Facebook Inc." - C:\Users\(***)\AppData\Local\Facebook\Update\FacebookUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job" - "Google Inc." - C:\Users\(***)\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job" - "Google Inc." - C:\Users\(***)\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl "PenTablet.cpl" - "Wacom Technology, Corp." - C:\Windows\system32\PenTablet.cpl "zmr16ctrlpanel.cpl" - "Zoom Corporation." 
- C:\Windows\system32\zmr16ctrlpanel.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACRUSBTM" (ACRUSBTM) - ? - C:\Windows\system32\drivers\ACRUSBTM.SYS (File not found) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Cinergy HTC USB XS Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emBDA64.sys "Cinergy HTC USB XS OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emOEM64.sys "Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys "DRHARD" (DRHARD) - ? - C:\Windows\system32\DRIVERS\DRHARD.SYS (File not found) "DRHARD64" (DRHARD64) - "Licensed for Gebhard Software" - C:\Windows\system32\drivers\DRHARD64.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys "Philips SPC 900NC PC Camera" (camdrv42) - ? - C:\Windows\System32\DRIVERS\camdrv42.sys (File signed by Microsoft | File found, but it contains no detailed information) "SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynUSB64.sys "uiwbrdr" (uiwbrdr) - "1&1 Mail & Media GmbH" - C:\Windows\System32\DRIVERS\uiwbrdr.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? 
- (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files (x86)\Pinnacle\Studio 14\Programs\BlueShellExt.dll (File found, but it contains no detailed information) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll 
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL {42368EF3-D9FE-4bc4-9FD5-01903EB21F53} "ShellContextMenuHandler Class" - "1&1 Mail & Media GmbH" - C:\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL {6956CAC6-5674-42C0-A698-77B3F3C9C352} "ShellIconOverlayHandler Class" - "1&1 Mail & Media GmbH" - C:\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {9F1C11AA-197B-4942-BA54-47A8489BB47F} "Update Class" - "Microsoft Corporation" - C:\Windows\SysWow64\iuctl.dll / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40118.6503240741 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (File not found) {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "OneNote Lin&ked Notes" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} "Deaktivierungs-Add-on für Browser von Google Analytics" - "Google, Inc." 
- C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041" - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Shortcut exists | File exists) "OneNote 2010 Screen Clipper and Launcher.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Nach Updates suchen.lnk.disabled" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk.disabled -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ACQTMOUSE" - ? - "C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NBAgent" - "Nero AG" - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart "QuickTime Task" - "Apple Inc." 
- "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "WEB.DE SmartDrive" - "1&1 Mail & Media GmbH" - C:\Windows\System32\uiwbnp.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "FRITZ!fax Color Port Monitor" - ? - C:\Windows\system32\FritzColorPort64.dll (File found, but it contains no detailed information) "FRITZ!fax Port Monitor" - ? - C:\Windows\system32\FritzPort64.dll (File found, but it contains no detailed information) "HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL "HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll "novaPDF Lite Desktop 7 Monitor" - "Softland" - C:\Windows\system32\novamnl7.dll "WEB.DE Fax Monitor" - "WEB.DE GmbH" - C:\Windows\system32\UIWEBMON.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000" (MatSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Fix it Center\Matsvc.exe "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? 
- "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe "ABBYY FineReader 10 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.10.0) - "ABBYY" - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Easybits GO Services for Windows" (ezGOSvc) - ? - C:\Windows\SysWOW64\ezGOSvc.dll (File found, but it contains no detailed information) "ESET Service" (ekrn) - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Input Director Service" (InputDirector) - ? - C:\Program Files (x86)\Input Director\IDWinService.exe (File found, but it contains no detailed information) "Input Director Vista Service" (IDVistaService) - ? - C:\Program Files (x86)\Input Director\IDVistaService.exe (File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files (x86)\WinPcap\rpcapd.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Sony SCSI Helper Service" (Sony SCSI Helper Service) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe "StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe "StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - C:\Windows\system32\Pen_Tablet.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WTouch Service" (WTouchService) - "Wacom Technology, Corp." - C:\Program Files\WTouch\WTouchService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And last but not least, ASWMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-19 20:04:12
-----------------------------
20:04:12.982 OS Version: Windows x64 6.1.7601 Service Pack 1
20:04:12.982 Number of processors: 2 586 0x4303
20:04:12.982 ComputerName: SIRIUS UserName: (***)
20:04:13.858 Initialize success
20:04:55.468 AVAST engine defs: 12061900
20:05:10.157 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:05:10.157 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
20:05:10.173 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
20:05:10.173 Disk 1 Vendor: SAMSUNG_HD321KJ CP100-10 Size: 305245MB BusType: 3
20:05:10.189 Disk 1 MBR read successfully
20:05:10.189 Disk 1 MBR scan
20:05:10.204 Disk 1 Windows 7 default MBR code
20:05:10.204 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
20:05:10.235 Disk 1 scanning C:\Windows\system32\drivers
20:05:25.944 Service scanning
20:06:01.304 Modules scanning
20:06:01.304 Disk 1 trace - called modules:
20:06:01.319 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
20:06:01.335 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007999060]
20:06:01.335 3 CLASSPNP.SYS[fffff8800196343f] -> nt!IofCallDriver -> [0xfffffa80075a5580]
20:06:01.335 5 ACPI.sys[fffff88000f307a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80075a2060]
20:06:05.206 AVAST engine scan C:\Windows
20:06:12.327 AVAST engine scan C:\Windows\system32
20:10:12.611 AVAST engine scan C:\Windows\system32\drivers
20:10:33.398 AVAST engine scan C:\Users\(***)
21:58:18.843 AVAST engine scan C:\ProgramData
22:23:15.549 Scan finished successfully
00:25:47.981 Disk 1 MBR has been saved successfully to "C:\Users\(***)\Desktop\MBR.dat"
00:25:47.996 The log file has been saved successfully to "C:\Users\(***)\Desktop\aswMBR.txt"

Best regards, Bangalorean |
20.06.2012, 09:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** W_Dackel may get back to you again about Desinfec't. Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
20.06.2012, 23:41 | #15 |
| Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.** Final stretch. Here is the log for Malwarebytes (I could swear I already posted this... hmmm... I'm getting old... hopefully :-)) So... I hope I grabbed the right log file. Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.20.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]
Schutz: Aktiviert
20.06.2012 10:39:49
mbam-log-2012-06-20 (10-39-49).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1080244
Laufzeit: 3 Stunde(n), 32 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/20/2012 at 11:11 PM
Application Version : 5.1.1002
Core Rules Database Version : 8763
Trace Rules Database Version: 6575
Scan type : Complete Scan
Total Scan Time : 08:30:13
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 720
Memory threats detected : 0
Registry items scanned : 73505
Registry threats detected : 0
File items scanned : 639934
File threats detected : 1149
Adware.Tracking Cookie
C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@s3.trafficmaxx[2].txt [ /s3.trafficmaxx ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@schuhfinder[1].txt [ /schuhfinder ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@server.iad.liveperson[1].txt [ /server.iad.liveperson ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@smartadserver[2].txt [ /smartadserver ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@specificclick[2].txt [ /specificclick ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@spylog[2].txt [ /spylog ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.bmw[1].txt [ /stats.bmw ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.lukeredpath.co[1].txt [ /stats.lukeredpath.co ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.paypal[2].txt [ /stats.paypal ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.searchtrack[1].txt [ /stats.searchtrack ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@statsweb.bnpparibas[2].txt [ /statsweb.bnpparibas ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@support.kochmedia[1].txt [ /support.kochmedia ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@te.kontera[2].txt [ /te.kontera ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tele2de.112.2o7[1].txt [ /tele2de.112.2o7 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@track.webtrekk[1].txt [ /track.webtrekk ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@track.webtrekk[2].txt [ /track.webtrekk ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@track.webtrekk[3].txt [ /track.webtrekk ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tracking.mindshare[2].txt [ /tracking.mindshare ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tracking.mlsat02[1].txt [ 
/tracking.mlsat02 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tracking.quisma[1].txt [ /tracking.quisma ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@traffictrack[2].txt [ /traffictrack ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tribalfusion[2].txt [ /tribalfusion ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tripod[1].txt [ /tripod ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@truition.122.2o7[1].txt [ /truition.122.2o7 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tvtv.122.2o7[1].txt [ /tvtv.122.2o7 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@unicreditgroup.122.2o7[1].txt [ /unicreditgroup.122.2o7 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@videoegg.adbureau[2].txt [ /videoegg.adbureau ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@vodafonegroup.122.2o7[1].txt [ /vodafonegroup.122.2o7 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@weborama[2].txt [ /weborama ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@windowsmedia[2].txt [ /windowsmedia ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@winzip.122.2o7[1].txt [ /winzip.122.2o7 ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ww251.smartadserver[1].txt [ /ww251.smartadserver ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@www.etracker[1].txt [ /www.etracker ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@www.googleadservices[3].txt [ /www.googleadservices ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@www.w3counter[1].txt [ /www.w3counter ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@xiti[1].txt [ /xiti ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@youporn[2].txt [ /youporn ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@zanox-affiliate[1].txt [ /zanox-affiliate ] 
C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@zanox[2].txt [ /zanox ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@zbox.zanox[2].txt [ /zbox.zanox ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\O2DEIP2B.txt [ /2o7.net ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\XYKCML7Q.txt [ /eas.apm.emediate.eu ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@de.sitestat[3].txt [ /de.sitestat.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\73UVAZQJ.txt [ /ad2.adfarm1.adition.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\FOIX8POJ.txt [ /ad.yieldmanager.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\O8KJ27PR.txt [ /invitemedia.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\UJ8MHUB9.txt [ /adtech.de ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\0WMAB5BH.txt [ /go.easybitsmedia.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\KQO436L7.txt [ /bs.serving-sys.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\PXPW63W6.txt [ /serving-sys.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@de.sitestat[1].txt [ /de.sitestat.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@de.sitestat[2].txt [ /de.sitestat.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@de.sitestat[5].txt [ /de.sitestat.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\PIJVOUOO.txt [ /advertising.counterpath.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\G039KI2Y.txt [ /track.adform.net ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\6QHFQXZ4.txt [ /webmasterplan.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Y0OP7L3U.txt [ /amazon-adsystem.com ] C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\QN7T494C.txt [ /adform.net ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@eu.battle[2].txt [ 
Cookie:(***)@eu.battle.net/account ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@admax.quisma[2].txt [ Cookie:(***)@admax.quisma.com/tracking/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@www.latextop50[1].txt [ Cookie:(***)@www.latextop50.com/php/toplist/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@2o7[1].txt [ Cookie:(***)@2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@tribalfusion[2].txt [ Cookie:(***)@tribalfusion.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@indextools[2].txt [ Cookie:(***)@indextools.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@microsoftoffice.112.2o7[1].txt [ Cookie:(***)@microsoftoffice.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@rotator.adjuggler[1].txt [ Cookie:(***)@rotator.adjuggler.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@edge.ru4[2].txt [ Cookie:(***)@edge.ru4.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@eas.apm.emediate[1].txt [ Cookie:(***)@eas.apm.emediate.eu/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@truition.122.2o7[1].txt [ Cookie:(***)@truition.122.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\I20EB5KF.txt [ Cookie:(***)@ad3.adfarm1.adition.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@track.webtrekk[3].txt [ Cookie:(***)@track.webtrekk.de/445541762785972/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@traffictrack[2].txt [ Cookie:(***)@traffictrack.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@opodo.122.2o7[1].txt [ Cookie:(***)@opodo.122.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@overture[1].txt [ Cookie:(***)@overture.com/ ] 
C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@hmt.connexpromotions[2].txt [ Cookie:(***)@hmt.connexpromotions.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@partners.webmasterplan[2].txt [ Cookie:(***)@partners.webmasterplan.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@perf.overture[1].txt [ Cookie:(***)@perf.overture.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@de.sitestat[3].txt [ Cookie:(***)@de.sitestat.com/sueddeutsche/sueddeutsche/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adserver.trojaner-info[1].txt [ Cookie:(***)@adserver.trojaner-info.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@zedo[1].txt [ Cookie:(***)@zedo.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adbrite[1].txt [ Cookie:(***)@adbrite.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@advertising[2].txt [ Cookie:(***)@advertising.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@server.iad.liveperson[1].txt [ Cookie:(***)@server.iad.liveperson.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adopt.specificclick[2].txt [ Cookie:(***)@adopt.specificclick.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@counter.msi.com[2].txt [ Cookie:(***)@counter.msi.com.tw/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@sextracker[2].txt [ Cookie:(***)@sextracker.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@statse.webtrendslive[2].txt [ Cookie:(***)@statse.webtrendslive.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@stats.bmw[1].txt [ Cookie:(***)@stats.bmw.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adserver.konradin[1].txt [ Cookie:(***)@adserver.konradin.de/ ] 
C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@www.etracker[1].txt [ Cookie:(***)@www.etracker.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@myfamily.112.2o7[1].txt [ Cookie:(***)@myfamily.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ads.admediate[1].txt [ Cookie:(***)@ads.admediate.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@schuhfinder[1].txt [ Cookie:(***)@schuhfinder.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@realmedia[1].txt [ Cookie:(***)@realmedia.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@stats.searchtrack[1].txt [ Cookie:(***)@stats.searchtrack.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adopt.euroclick[1].txt [ Cookie:(***)@adopt.euroclick.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ad.yieldmanager[2].txt [ Cookie:(***)@ad.yieldmanager.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@komtrack[1].txt [ Cookie:(***)@komtrack.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@clickandbuy[1].txt [ Cookie:(***)@clickandbuy.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@spylog[2].txt [ Cookie:(***)@spylog.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adtech[3].txt [ Cookie:(***)@adtech.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@mediametrics.mpsa[2].txt [ Cookie:(***)@mediametrics.mpsa.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@msnportal.112.2o7[1].txt [ Cookie:(***)@msnportal.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@apmebf[1].txt [ Cookie:(***)@apmebf.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@questionmarket[3].txt [ Cookie:(***)@questionmarket.com/ ] 
C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@mediaplex[2].txt [ Cookie:(***)@mediaplex.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@count.spring[1].txt [ Cookie:(***)@count.spring.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@bs.serving-sys[2].txt [ Cookie:(***)@bs.serving-sys.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:(***)@microsoftinternetexplorer.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\MZW25M33.txt [ Cookie:(***)@adfarm1.adition.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@paypal.112.2o7[1].txt [ Cookie:(***)@paypal.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@s3.trafficmaxx[2].txt [ Cookie:(***)@s3.trafficmaxx.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ad.adnet[2].txt [ Cookie:(***)@ad.adnet.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@counter11.sextracker[1].txt [ Cookie:(***)@counter11.sextracker.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@msnaccountservices.112.2o7[2].txt [ Cookie:(***)@msnaccountservices.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@revsci[2].txt [ Cookie:(***)@revsci.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@www.latextop50[1].txt [ Cookie:(***)@www.latextop50.com/php/toplist/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@statsweb.bnpparibas[2].txt [ Cookie:(***)@statsweb.bnpparibas.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@fastclick[2].txt [ Cookie:(***)@fastclick.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@faq.kochmedia[2].txt [ Cookie:(***)@faq.kochmedia.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\2P9PNGZT.txt [ 
Cookie:(***)@atdmt.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@weborama[2].txt [ Cookie:(***)@weborama.fr/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@stats.paypal[2].txt [ Cookie:(***)@stats.paypal.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@track.webtrekk[1].txt [ Cookie:(***)@track.webtrekk.de/565556556123999/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@zanox[1].txt [ Cookie:(***)@zanox.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ad.zanox[2].txt [ Cookie:(***)@ad.zanox.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@media.adrevolver[1].txt [ Cookie:(***)@media.adrevolver.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ads.mediaflite[1].txt [ Cookie:(***)@ads.mediaflite.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@dmtracker[1].txt [ Cookie:(***)@dmtracker.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@track.webtrekk[2].txt [ Cookie:(***)@track.webtrekk.de/717271728474897/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@cpx.mediascale[1].txt [ Cookie:(***)@cpx.mediascale.de/cpx/action/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@te.kontera[2].txt [ Cookie:(***)@te.kontera.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@media.expedia[2].txt [ Cookie:(***)@media.expedia.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@bluestreak[1].txt [ Cookie:(***)@bluestreak.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@kontera[2].txt [ Cookie:(***)@kontera.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@stats.lukeredpath.co[1].txt [ Cookie:(***)@stats.lukeredpath.co.uk/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@microsoftsto.112.2o7[1].txt [ 
Cookie:(***)@microsoftsto.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@clickbank[1].txt [ Cookie:(***)@clickbank.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@deutschepostag.112.2o7[1].txt [ Cookie:(***)@deutschepostag.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@tracking.mlsat02[1].txt [ Cookie:(***)@tracking.mlsat02.de/tmobile/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@support.kochmedia[1].txt [ Cookie:(***)@support.kochmedia.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@efashionsolutions.122.2o7[1].txt [ Cookie:(***)@efashionsolutions.122.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@delivery.ads.coupling-media[1].txt [ Cookie:(***)@delivery.ads.coupling-media.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@zbox.zanox[2].txt [ Cookie:(***)@zbox.zanox.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@autoscout24.112.2o7[1].txt [ Cookie:(***)@autoscout24.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@de.sitestat[1].txt [ Cookie:(***)@de.sitestat.com/lycos-de/de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@webmasterplan[2].txt [ Cookie:(***)@webmasterplan.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@philips.112.2o7[1].txt [ Cookie:(***)@philips.112.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@adviva[2].txt [ Cookie:(***)@adviva.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@videoegg.adbureau[2].txt [ Cookie:(***)@videoegg.adbureau.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@casalemedia[1].txt [ Cookie:(***)@casalemedia.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@winzip.122.2o7[1].txt [ Cookie:(***)@winzip.122.2o7.net/ ] 
C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@content.yieldmanager[2].txt [ Cookie:(***)@content.yieldmanager.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ww251.smartadserver[1].txt [ Cookie:(***)@ww251.smartadserver.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@247realmedia[1].txt [ Cookie:(***)@247realmedia.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@account.live[2].txt [ Cookie:(***)@account.live.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@de.sitestat[2].txt [ Cookie:(***)@de.sitestat.com/lycos-de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@ehg-tvtv.hitbox[1].txt [ Cookie:(***)@ehg-tvtv.hitbox.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@tracking.quisma[1].txt [ Cookie:(***)@tracking.quisma.com/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@hbxtracking.sueddeutsche[1].txt [ Cookie:(***)@hbxtracking.sueddeutsche.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@kddi.122.2o7[1].txt [ Cookie:(***)@kddi.122.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@a2.adserver01[1].txt [ Cookie:(***)@a2.adserver01.de/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@pinnaclesystems.122.2o7[2].txt [ Cookie:(***)@pinnaclesystems.122.2o7.net/ ] C:\USERS\(***)\AppData\Roaming\Microsoft\Windows\Cookies\Low\(***)@zanox-affiliate[1].txt [ Cookie:(***)@zanox-affiliate.de/ ] C:\USERS\(***)\Cookies\(***)@windowsmedia[2].txt [ Cookie:(***)@windowsmedia.com/ ] C:\USERS\(***)\Cookies\O2DEIP2B.txt [ Cookie:(***)@2o7.net/ ] C:\USERS\(***)\Cookies\(***)@indextools[2].txt [ Cookie:(***)@indextools.com/ ] C:\USERS\(***)\Cookies\XYKCML7Q.txt [ Cookie:(***)@eas.apm.emediate.eu/ ] C:\USERS\(***)\Cookies\(***)@edge.ru4[2].txt [ Cookie:(***)@edge.ru4.com/ ] C:\USERS\(***)\Cookies\(***)@ad.zanox[2].txt [ 
Cookie:(***)@ad.zanox.com/ ] C:\USERS\(***)\Cookies\(***)@ads.mediaflite[1].txt [ Cookie:(***)@ads.mediaflite.de/ ] C:\USERS\(***)\Cookies\(***)@hmt.connexpromotions[2].txt [ Cookie:(***)@hmt.connexpromotions.de/ ] C:\USERS\(***)\Cookies\(***)@perf.overture[1].txt [ Cookie:(***)@perf.overture.com/ ] C:\USERS\(***)\Cookies\(***)@de.sitestat[3].txt [ Cookie:(***)@de.sitestat.com/sueddeutsche/sueddeutsche/ ] C:\USERS\(***)\Cookies\(***)@adserver.trojaner-info[1].txt [ Cookie:(***)@adserver.trojaner-info.de/ ] C:\USERS\(***)\Cookies\(***)@cpx.mediascale[1].txt [ Cookie:(***)@cpx.mediascale.de/cpx/action/ ] C:\USERS\(***)\Cookies\(***)@adbrite[1].txt [ Cookie:(***)@adbrite.com/ ] C:\USERS\(***)\Cookies\(***)@advertising[2].txt [ Cookie:(***)@advertising.com/ ] C:\USERS\(***)\Cookies\(***)@adopt.specificclick[2].txt [ Cookie:(***)@adopt.specificclick.net/ ] C:\USERS\(***)\Cookies\(***)@counter.msi.com[2].txt [ Cookie:(***)@counter.msi.com.tw/ ] C:\USERS\(***)\Cookies\(***)@adserver.konradin[1].txt [ Cookie:(***)@adserver.konradin.de/ ] C:\USERS\(***)\Cookies\(***)@deutschepostag.112.2o7[1].txt [ Cookie:(***)@deutschepostag.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@ads.admediate[1].txt [ Cookie:(***)@ads.admediate.com/ ] C:\USERS\(***)\Cookies\(***)@a2.adserver01[1].txt [ Cookie:(***)@a2.adserver01.de/ ] C:\USERS\(***)\Cookies\(***)@adopt.euroclick[1].txt [ Cookie:(***)@adopt.euroclick.com/ ] C:\USERS\(***)\Cookies\FOIX8POJ.txt [ Cookie:(***)@ad.yieldmanager.com/ ] C:\USERS\(***)\Cookies\(***)@clickandbuy[1].txt [ Cookie:(***)@clickandbuy.com/ ] C:\USERS\(***)\Cookies\(***)@delivery.ads.coupling-media[1].txt [ Cookie:(***)@delivery.ads.coupling-media.com/ ] C:\USERS\(***)\Cookies\UJ8MHUB9.txt [ Cookie:(***)@adtech.de/ ] C:\USERS\(***)\Cookies\(***)@mediametrics.mpsa[2].txt [ Cookie:(***)@mediametrics.mpsa.com/ ] C:\USERS\(***)\Cookies\(***)@autoscout24.112.2o7[1].txt [ Cookie:(***)@autoscout24.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@msnportal.112.2o7[1].txt [ 
Cookie:(***)@msnportal.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@questionmarket[3].txt [ Cookie:(***)@questionmarket.com/ ] C:\USERS\(***)\Cookies\0WMAB5BH.txt [ Cookie:(***)@go.easybitsmedia.com/ ] C:\USERS\(***)\Cookies\KQO436L7.txt [ Cookie:(***)@bs.serving-sys.com/ ] C:\USERS\(***)\Cookies\(***)@bravenet[2].txt [ Cookie:(***)@bravenet.com/ ] C:\USERS\(***)\Cookies\(***)@c.gigcount[1].txt [ Cookie:(***)@c.gigcount.com/ ] C:\USERS\(***)\Cookies\(***)@adfarm1.adition[2].txt [ Cookie:(***)@adfarm1.adition.com/ ] C:\USERS\(***)\Cookies\(***)@paypal.112.2o7[1].txt [ Cookie:(***)@paypal.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@ad.adnet[2].txt [ Cookie:(***)@ad.adnet.de/ ] C:\USERS\(***)\Cookies\(***)@s3.trafficmaxx[2].txt [ Cookie:(***)@s3.trafficmaxx.de/ ] C:\USERS\(***)\Cookies\(***)@e-2dj6wjlyamcpmgo.stats.esomniture[2].txt [ Cookie:(***)@e-2dj6wjlyamcpmgo.stats.esomniture.com/ ] C:\USERS\(***)\Cookies\(***)@pinnaclesystems.122.2o7[2].txt [ Cookie:(***)@pinnaclesystems.122.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@de.sitestat[1].txt [ Cookie:(***)@de.sitestat.com/is24-mail/is24-mail/ ] C:\USERS\(***)\Cookies\(***)@tripod[1].txt [ Cookie:(***)@tripod.com/ ] C:\USERS\(***)\Cookies\(***)@247realmedia[1].txt [ Cookie:(***)@247realmedia.com/ ] C:\USERS\(***)\Cookies\(***)@account.live[2].txt [ Cookie:(***)@account.live.com/ ] C:\USERS\(***)\Cookies\(***)@tracking.mindshare[2].txt [ Cookie:(***)@tracking.mindshare.de/ ] C:\USERS\(***)\Cookies\(***)@eu.battle[2].txt [ Cookie:(***)@eu.battle.net/account ] C:\USERS\(***)\Cookies\(***)@de.sitestat[2].txt [ Cookie:(***)@de.sitestat.com/lycos-de/ ] C:\USERS\(***)\Cookies\(***)@faq.kochmedia[2].txt [ Cookie:(***)@faq.kochmedia.com/ ] C:\USERS\(***)\Cookies\(***)@youporn[2].txt [ Cookie:(***)@youporn.com/ ] C:\USERS\(***)\Cookies\(***)@tracking.quisma[1].txt [ Cookie:(***)@tracking.quisma.com/ ] C:\USERS\(***)\Cookies\(***)@weborama[2].txt [ Cookie:(***)@weborama.fr/ ] C:\USERS\(***)\Cookies\(***)@tribalfusion[2].txt [ 
Cookie:(***)@tribalfusion.com/ ] C:\USERS\(***)\Cookies\(***)@microsoftoffice.112.2o7[1].txt [ Cookie:(***)@microsoftoffice.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@rotator.adjuggler[1].txt [ Cookie:(***)@rotator.adjuggler.com/ ] C:\USERS\(***)\Cookies\(***)@truition.122.2o7[1].txt [ Cookie:(***)@truition.122.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@track.webtrekk[3].txt [ Cookie:(***)@track.webtrekk.de/445541762785972/ ] C:\USERS\(***)\Cookies\(***)@traffictrack[2].txt [ Cookie:(***)@traffictrack.de/ ] C:\USERS\(***)\Cookies\(***)@dmtracker[1].txt [ Cookie:(***)@dmtracker.com/ ] C:\USERS\(***)\Cookies\(***)@opodo.122.2o7[1].txt [ Cookie:(***)@opodo.122.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@overture[1].txt [ Cookie:(***)@overture.com/ ] C:\USERS\(***)\Cookies\(***)@partners.webmasterplan[2].txt [ Cookie:(***)@partners.webmasterplan.com/ ] C:\USERS\(***)\Cookies\(***)@te.kontera[2].txt [ Cookie:(***)@te.kontera.com/ ] C:\USERS\(***)\Cookies\(***)@track.webtrekk[2].txt [ Cookie:(***)@track.webtrekk.de/717271728474897/ ] C:\USERS\(***)\Cookies\(***)@kontera[2].txt [ Cookie:(***)@kontera.com/ ] C:\USERS\(***)\Cookies\(***)@server.iad.liveperson[1].txt [ Cookie:(***)@server.iad.liveperson.net/ ] C:\USERS\(***)\Cookies\(***)@microsoftsto.112.2o7[1].txt [ Cookie:(***)@microsoftsto.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@stats.bmw[1].txt [ Cookie:(***)@stats.bmw.de/ ] C:\USERS\(***)\Cookies\(***)@www.etracker[1].txt [ Cookie:(***)@www.etracker.de/ ] C:\USERS\(***)\Cookies\(***)@kddi.122.2o7[1].txt [ Cookie:(***)@kddi.122.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@myfamily.112.2o7[1].txt [ Cookie:(***)@myfamily.112.2o7.net/ ] C:\USERS\(***)\Cookies\(***)@realmedia[1].txt [ Cookie:(***)@realmedia.com/ ] C:\USERS\(***)\Cookies\(***)@stats.searchtrack[1].txt [ Cookie:(***)@stats.searchtrack.net/ ] C:\USERS\(***)\Cookies\(***)@tracking.mlsat02[1].txt [ Cookie:(***)@tracking.mlsat02.de/tmobile/ ] C:\USERS\(***)\Cookies\(***)@komtrack[1].txt [ Cookie:(***)@komtrack.com/ ] 
.specificclick.net [
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .microsoftsto.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .eyewonder.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .xiti.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] wstat.wibiya.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2mdn.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .kontera.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .eyewonder.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .getclicky.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .static.getclicky.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] in.getclicky.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adserver.adtechus.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ru4.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ru4.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .guj.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .uk.at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tto2.traffictrack.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .conrad.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .atlanticmedia.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .deutschepostag.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .blogads.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .blogads.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .nextag.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .247realmedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .mediamonkey.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .mediamonkey.com [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .mediamonkey.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .usairways.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.mixxt.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] landing.trafficz.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] landing.trafficz.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] landing.trafficz.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] landing.trafficz.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] landing.trafficz.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.findwerk.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.findwerk.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .nextag.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] 
.opodo.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .a.revenuemax.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .sonyeurope.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] ads.saymedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] ads.saymedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .technoratimedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .technoratimedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .yadro.ru [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.solocpm.com [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .blogads.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.sim-technik.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] partners.webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .advertstream.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ww35.pornbest.net [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.publicidees.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.publicidees.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] tracking.hostgator.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .clicksor.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .clicksor.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .kabelbw.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] s03.flagcounter.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] 2.s03.flagcounter.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .shinystat.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .overture.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.rondostat.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.rondostat.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .xing.solution.weborama.fr [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .sdabocconi.solution.weborama.fr [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .sdabocconi.solution.weborama.fr [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .sdabocconi.solution.weborama.fr [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .sdabocconi.solution.weborama.fr [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .vogelservices.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] ad.adserver01.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] ebusiness.springer-business-media.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .quartermedia.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] clicks.pangora.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] clicks.pangora.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .s.clickability.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .s.clickability.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tracking.percentmobile.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] 
adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adxpose.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .unitymediaforum.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .unitymediaforum.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .unitymediaforum.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .unitymediaforum.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] adserver.ip-phone-forum.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .socialmediaexaminer.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .www.socialmediaexaminer.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.socialmediaexaminer.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.socialmediaexaminer.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .libri.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] server.adformdsp.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adformdsp.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .olympiaverlag.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] banner.lv.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .infoworldmediagroup.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] 
.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .yieldmanager.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tracking.mindshare.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] ads2.iweb.cortica.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .revsci.net [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track71.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track71.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track71.solocpm.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .clickfuse.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] dc.tremormedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ 
C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] adserv.quality-channel.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] adserv.quality-channel.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .saymedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ] 
C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@SERVING-SYS[2].TXT [ /SERVING-SYS ]
C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@LIVEPERSON[1].TXT [ /LIVEPERSON ]
C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
Heur.Agent/Gen-WhiteBox
C:\USERS\(***)\DOWNLOADS\DUPLICATECLEANER_SETUP (2).EXE

Best regards, Josef |