Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen2
28.11.2011, 07:55 | #16
/// Helper team | TR/Crypt.XPACK.Gen2

Important: Please run all commands as administrator! Right-click the command prompt and select "als Administrator ausführen" ("Run as administrator"). Right-click the selected application and choose "Als Administrator ausführen"!

1. Runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
** No connection to a network or the Internet (don't forget Wi-Fi)
When the scan has finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

2. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)
With the following tool we check whether something malicious has lodged itself in the Master Boot Record.

3. Download Malwarebytes Anti-Malware from → malwarebytes.org

4. System scan with OTL
Download OTL by Oldtimer (if you don't have it yet) and save it to your desktop.

5. I would also like to see all of your installed programs:
Download the tool CCleaner → Download → install (read the software license agreement; if it is offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start → Language → select German, then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..."; a text file (*.txt) is created. Copy its contents and paste them here.

6. Download TrendMicro™ HijackThis™ / version 2.0.4 from here ->

__________________
Warning: Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
29.11.2011, 00:47 | #17
TR/Crypt.XPACK.Gen2

The AntiVir real-time scanner was activated after it had loaded today's update.

1) Gmer did not work properly and was then closed
2) produced the following result:

Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD2500BEVS-22UST0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82693912] -> \Device\Harddisk0\DR0[0x8558FAC8]
3 CLASSPNP[0x8073D8B3] -> ntkrnlpa!IofCallDriver[0x82693912] -> [0x85385C10]
5 acpi[0x8060F6BC] -> ntkrnlpa!IofCallDriver[0x82693912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x845AB528]
kernel: MBR read successfully
user & kernel MBR OK
01.12.2011, 00:33 | #18
TR/Crypt.XPACK.Gen2

Number 3)

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8279

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.12.2011 00:31:54
mbam-log-2011-12-01 (00-31-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 390327
Laufzeit: 4 Stunde(n), 30 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
01.12.2011, 16:33 | #19
/// Helper team | TR/Crypt.XPACK.Gen2

The remaining steps are still missing; then we'll take it from there.
01.12.2011, 21:10 | #20
TR/Crypt.XPACK.Gen2

... and on we go:
# 4) OTL logfile:
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found. O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 File not found O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E8D4F1F-A046-4298-B111-550053B2421C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF3BF4C-F6B3-438F-8402-7DAD0C622F39}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA0539F3-C15B-4032-80A3-D7E5DEAB94D1}: NameServer = 62.109.123.7 213.191.92.86 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 
22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.28 22:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.28 22:06:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.23 20:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.11.18 00:30:54 | 000,000,000 | ---D | C] -- C:\_OTL [2011.11.17 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\D***\AppData\Roaming\Malwarebytes [2011.11.17 20:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.17 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.15 01:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.11.13 21:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.01 20:15:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.12.01 20:08:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.01 20:08:08 | 000,003,168 | ---- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 20:08:08 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 20:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.01 20:07:48 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys [2011.12.01 07:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.29 03:35:37 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.29 03:35:37 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.29 03:35:37 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.29 03:35:37 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.28 22:06:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.28 21:55:10 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.11.28 21:46:08 | 000,302,592 | ---- | M] () -- C:\Users\D***\Desktop\0s4deved.exe [2011.11.15 01:20:14 | 000,014,410 | ---- | M] () -- C:\Users\D***\Desktop\Extras.zip [2011.11.15 01:08:04 | 000,008,801 | ---- | M] () -- C:\Users\D***\Desktop\OTL.zip [2011.11.15 01:07:39 | 000,001,032 | ---- | M] () -- C:\Users\D***\Desktop\Gmer.zip [2011.11.14 22:19:43 | 000,000,000 | ---- | M] () -- C:\Users\D***\defogger_reenable [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.28 22:06:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.28 21:56:39 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.11.28 21:46:05 | 000,302,592 | ---- | C] () -- C:\Users\D***\Desktop\0s4deved.exe [2011.11.27 14:23:12 | 2011,283,456 | -HS- | C] () -- C:\hiberfil.sys [2011.11.15 01:20:26 | 000,014,410 | ---- | C] () -- 
C:\Users\D***\Desktop\Extras.zip [2011.11.15 01:10:51 | 000,001,032 | ---- | C] () -- C:\Users\D***\Desktop\Gmer.zip [2011.11.15 01:10:41 | 000,008,801 | ---- | C] () -- C:\Users\D***\Desktop\OTL.zip [2011.11.14 22:19:43 | 000,000,000 | ---- | C] () -- C:\Users\D***\defogger_reenable [2010.08.13 09:33:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.08.13 09:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.12 11:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.08.09 21:05:04 | 000,000,037 | ---- | C] () -- C:\Windows\eprint.INI [2010.08.07 22:03:57 | 000,000,680 | ---- | C] () -- C:\Users\D***\AppData\Local\d3d9caps.dat [2010.05.15 20:12:49 | 000,179,649 | ---- | C] () -- C:\Windows\hpoins38.dat.temp [2010.05.15 20:12:49 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp [2010.05.15 17:35:10 | 000,182,964 | ---- | C] () -- C:\Windows\hpoins38.dat [2010.05.15 17:35:09 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2010.03.21 22:36:03 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys [2010.02.14 16:58:30 | 000,000,024 | ---- | C] () -- C:\Windows\tm.ini [2010.02.14 15:01:44 | 000,000,248 | ---- | C] () -- C:\Windows\BUHL.INI [2009.12.09 20:00:24 | 000,001,294 | ---- | C] () -- C:\Windows\wiso.ini [2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.01.01 14:26:37 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.01.01 14:26:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\49D5FA307F.sys [2008.12.22 19:55:19 | 000,003,584 | ---- | C] () -- C:\Users\D***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.13 22:52:54 | 000,000,305 | ---- | C] () -- 
C:\ProgramData\addr_file.html [2008.02.22 22:09:43 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini [2008.02.22 22:09:42 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.02.22 22:09:42 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.16 17:15:31 | 000,000,778 | ---- | C] () -- C:\Windows\eReg.dat [2007.10.31 10:36:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.10.31 10:36:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.10.31 10:36:10 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_3.dll [2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_2.dll [2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_1.dll [2007.06.27 12:22:54 | 000,692,224 | ---- | C] () -- C:\Windows\libcurl.dll [2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,414,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- 
C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1997.09.04 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011.11.27 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\BDEDIT
[2011.11.27 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\BDHTHELP
[2010.02.14 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\Bullzip
[2010.09.18 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\GARMIN
[2010.05.11 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\ICQ
[2010.02.27 17:58:06 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\ICQ Toolbar
[2010.02.14 15:04:49 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\tax
[2011.06.13 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\temp
[2011.12.01 08:04:49 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:
OTL Extras logfile created on: 01.12.2011 20:18:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 47,86% Memory free
3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,29 Gb Total Space | 63,18 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS

Computer Name: H*** | User Name: D*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03815124-18D5-4403-B6E0-5022896F851D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{0784789C-A995-4B16-AD2A-533142DF48F3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0B79A398-D137-4742-9579-FCAB4D55BEA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{10B86021-F184-43DE-BE05-42646B27BEC2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1157AC94-8F81-4DE3-946B-8B5CD1B2F01D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1521D7B9-3C80-4963-9DB3-25FDB19611F5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{201967BE-5321-4634-8414-7FD55D267EA4}" = lport=5357 | protocol=6 | dir=in | app=system | "{22E76731-0A68-4374-89C9-7B83BAF72C98}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{26B55C68-1D0B-4968-BEB8-ACE3E5D46030}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{3106AA19-568C-4355-9457-632CE73ED94E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{31E75A0D-D1B5-4F7C-9E43-4B57F7E8B837}" = lport=26675 | protocol=6 | dir=in | 
name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{3649612D-2E15-47D0-9E11-3CDE91132E9F}" = rport=5357 | protocol=6 | dir=out | app=system | "{3EDE2497-C8E8-49DD-B59F-C1D6D8066692}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{3F69EFD1-7A7A-4328-B8B2-DDCE48F5F62A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{44024047-7085-426D-A02E-7F440BED01F4}" = rport=5358 | protocol=6 | dir=out | app=system | "{460A7FA4-DE3A-4F3B-9BAB-6EC2A52DF809}" = lport=2869 | protocol=6 | dir=in | app=system | "{4ADB6BE4-ED64-4D63-A3FE-26046D59F41F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{4C2127AB-4AA4-4899-8A84-AFDDADBA91AA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{50B3AAD6-EF7F-48DE-88DB-DE79A02BA001}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B95CAFB-50EB-4AA8-BCD4-3ED448BB5075}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{5E53AF24-A693-4C85-B7F4-CB81E1CCBE9F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{5EFA513F-36A2-48A7-872E-34453782D2A8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{66A52798-37AA-42CB-9039-3479B9F6DBAE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6D64EEC9-528A-4EAB-B5AE-BE17FF8F1559}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{7523C062-99C3-4D7C-99AB-6764B5457578}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{867BFC63-BEED-402D-8E66-CE5B5A3AA079}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{8CEA0030-C8B0-450E-AF99-A35538D67CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93E2B2B7-A3F2-49D3-B719-9C4AA47F470E}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{94612743-FB2D-4F9A-ACF1-91CB23529D5C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{963FC710-AC5A-4CEF-9B63-45CA73553694}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{9B3A698B-E0C7-455D-99A8-BBB975ED4785}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A1AEF819-DEE0-4738-8747-5C7881074A2A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{A502A13B-023C-44CC-8AAB-9477F15303F6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A6FB03E6-1D71-4C29-89C7-47AF29A7FA43}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{B2939187-EA21-40A7-9DC5-B852E5C8B23F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BCD8B253-6684-4F4D-881E-71431276FC2B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BE6CC0A0-0843-4B80-912D-F44231A8AECF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BEF3C52A-BF45-45D5-8601-428D9C0D9DF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C499D6AA-A352-4704-AE00-4D909DB2CD0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C7536E93-FD8E-443F-864E-7AFBD4EDA02A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D07F9716-F2DF-4703-93D9-229FA3FBBFB7}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{D13F24B7-A166-4EB4-80D0-D1BE9F90EF59}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{D1AC7322-4777-4940-B7A3-17EE26F6CA57}" = rport=3540 | protocol=17 | dir=out | 
svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{E7B89B54-3233-4084-93C0-0848E5966932}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{EC9A2D6D-1664-400A-B8FD-EC1603128B7B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EDB1C69A-0A44-49EB-8A54-DC7323345BBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F4EE9210-B533-456F-8D56-37B7DDA47E56}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{F8891D9B-F045-49F8-934D-0C768F168923}" = lport=5358 | protocol=6 | dir=in | app=system | "{FFE9CEF5-112E-4B7A-BAF8-4A25BECA686F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F5A5FA-7090-440E-A4CE-BE1576D18D3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0738BA49-FEDD-4877-A6DD-D435A0B7FD74}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{11219396-CB69-4CAE-B302-3BAA3E43A58E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{1337B7B0-F15C-4CB1-BB8F-6A75FC6830E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{134DF7D5-96AA-4925-A67D-5C11815BCDD5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{18CD1637-239F-468C-AF72-483A93C869AC}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{18D49F0C-1D05-4A21-8C26-C9A38C7A71D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{1916216E-EAD6-4CC4-AD33-553FEE14BADE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{2005DD88-F341-47D4-890D-272B1B88587B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{256E5AF1-B5C2-4D8E-B98A-C036B24840D1}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{3EA572FE-9743-469A-8157-BB277EA1E7EF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{428787B7-C8D9-40AC-990E-E381C29FC308}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{511E40B3-E5F8-4FB2-9514-ABEE2560D248}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{58838C00-1FD9-4A60-AEEA-121C9F2D4183}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5A08A4E3-AAED-419D-B1FC-09242A0B9A95}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{5C4E39C8-45FF-4CA0-9F8E-37D438D227CB}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{7156B9C8-FDDD-4856-8308-A4294EFE295F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{728DED85-7C4C-436B-B0F2-B0E3C2E0C52B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{7C882E1E-81FE-41EA-8238-2AF036DFEB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{852177A9-B432-40FC-BFCC-067F13099F45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{917F5B78-0C1C-4F0D-8BBE-FC0B04223EC6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{91E93FF4-0F7F-4D24-90DB-7BCD4726018C}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9456AAA2-5A21-4C83-AFE5-D435D22A65A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{94C4A150-1D94-4450-ACD9-61240C3C1097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{96716147-F4C3-4A8F-9F94-C9096B1063E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9A0B92A5-1DE7-4855-BD46-3954AEA4E9A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe 
| "{9D5B5063-74CA-4DEA-A4C5-7DAD0D6B24B9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{9F5B793D-93A5-47C5-8440-CE41DB4D081A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{ABFB6E91-FA92-4D33-8A60-034AE4B95C8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{AF7016AC-944C-499A-B4DF-EB97B151B933}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{B201EC31-C2B2-4B80-8520-B0CC5A996E11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B2B92696-4DB9-4645-9AD9-BF578F24BA48}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | "{B6F570B4-3490-4FF6-9657-C89DA5B92C93}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B6FA6634-54C2-4171-A4AC-917123EE9503}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{B70CFD70-331B-458F-8351-7ACC3168279C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{C64F857B-1AE6-40CA-9F66-37C624C1195D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CD3B41D0-DBB7-4255-9BA6-260C9227FB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CE750F41-D471-4F35-9EE9-D34F1A39E6CB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D2118D81-D8BE-4C06-B4DF-38F2E900AE4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{D3959EA2-4375-4B83-8338-E53DECD98AB6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D41A088E-D928-4E2D-A9FB-803054DF0028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{D9739EE4-6DA1-4E6C-ADCA-724C5FD08913}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{DD73F1A1-DE6E-4ED5-87A5-59DD9EE81913}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E01F1D56-23A4-454D-A3CD-4504947115E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E3B9BD05-7A98-458E-87F0-D7A71762BEBD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{E7C4AF19-F429-43FD-8F03-D3C00D509A21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{E9070B8F-F7C5-46B5-9D01-3BE7F1538114}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{EBD17ED9-12DD-4C3A-B001-6CDDADEC0C42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{EBE5F861-0F7B-47F6-81A3-B44A9D1BBFB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{EC40408B-2955-46CE-AEAB-D6CA1AADBDEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F8633CC1-6E8A-433F-B2F0-8E193B07E13D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "TCP Query User{42D1D9AC-4E47-4EA3-960C-185925890B0F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{55BA070B-2615-49E9-BE35-A45B35F55D58}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{67D47B24-EE4F-4B55-B21A-772C0B5F369D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{6936A263-F18A-404D-97BC-B39DA34DC4B0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{6A836EE1-732D-464E-BAAA-8E0304DF4959}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{341BA61D-4790-4D5B-AEF5-22EF03989E48}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet 
explorer\iexplore.exe | "UDP Query User{3A5F5B6C-D220-488C-AEA5-970DA3E9AEA7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{3BD38682-A47F-4BFA-9944-27D354A7C9BC}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{8E8DD0FE-18F4-450E-BA9C-E1DD0CB79FFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{EB88814E-1E38-4D5F-BFAA-155A78B7034B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German "{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian "{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center 
Localization Swedish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard "{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{30A9E47D-2B18-43FC-A562-8D1E3511C737}" = TablePlanner "{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding "{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese "{396FD726-254C-40D8-8EB6-A00703F134BF}" = Buhl finance - tax 2004 Standard "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard "{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese "{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO 
Components Installer "{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch "{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation "{7A36BFCB-D8A9-11D7-9E00-0004769EEFEB}" = Default "{7B80F2CF-3012-41B3-0083-D96E3B923A33}" = Fussball Manager 2003 "{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0 "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = 
Microsoft Silverlight "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English "{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 "{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEBC4CA2-B05F-47E3-8680-B2CDB6E12006}" = WISO Sparbuch 2006 "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{CEFD7155-9C9A-4D20-8DEC-3961BBBB0001}" = WISO 
Sparbuch 2005 "{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D3F3188E-EC4E-413B-BFEC-6A179ADB14FF}" = MSXML "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update "{EE6AA8D9-B369-44A0-A938-C897026B6B7B}" = BDElster-Telemodul "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "ANSTOSS 3_is1" = ANSTOSS 3 "ATI Uninstaller" = ATI Uninstaller "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766 "Digitale Bibliothek 4" = Digitale Bibliothek 4 "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "Google Updater" = Google Updater "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63 "HP 
Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photo Creations" = HP Photo Creations "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Office8.0" = Microsoft Office 97, Professional Edition "Pingus" = Pingus "Pixum ePrint" = Pixum ePrint 1.2 "S2TNG" = Die Siedler II - Die nächste Generation "Shop for HP Supplies" = Shop for HP Supplies "Siedler3Deinstall" = Siedler3 "SMSERIAL" = Motorola SM56 Speakerphone Modem "softonic-de3 Toolbar" = softonic-de3 Toolbar "Windows Mobile Device Handbook" = Windows Mobile®-MDA Touch Handbuch ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.01.2010 10:27:29 | Computer Name = H*** | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 14:27:44 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2010 14:27:44 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2010 14:32:43 | Computer Name = H*** | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 17:26:31 | Computer Name = H*** | Source = VSS | ID = 8194 Description = Error - 01.01.2010 19:51:41 | Computer Name = H*** 
| Source = EventSystem | ID = 4621 Description = Error - 02.01.2010 16:03:17 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 02.01.2010 16:03:17 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 02.01.2010 16:07:54 | Computer Name = H*** | Source = WerSvc | ID = 5007 Description = Error - 02.01.2010 20:18:07 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 27.11.2011 10:07:06 | Computer Name = H*** | Source = Service Control Manager | ID = 7024 Description = Error - 27.11.2011 10:20:59 | Computer Name = H*** | Source = DCOM | ID = 10010 Description = Error - 28.11.2011 16:33:22 | Computer Name = H*** | Source = Service Control Manager | ID = 7024 Description = Error - 28.11.2011 22:02:48 | Computer Name = H*** | Source = DCOM | ID = 10005 Description = Error - 28.11.2011 22:02:48 | Computer Name = H*** | Source = Service Control Manager | ID = 7009 Description = Error - 28.11.2011 22:02:48 | Computer Name = H*** | Source = Service Control Manager | ID = 7000 Description = Error - 28.11.2011 22:05:08 | Computer Name = H*** | Source = Service Control Manager | ID = 7009 Description = Error - 28.11.2011 22:05:08 | Computer Name = H*** | Source = Service Control Manager | ID = 7000 Description = Error - 29.11.2011 03:00:06 | Computer Name = H*** | Source = DCOM | ID = 10010 Description = Error - 01.12.2011 03:04:40 | Computer Name = H*** | Source = DCOM | ID = 10010 Description = < End of report > |
01.12.2011, 21:13 | #21 |
| TR/Crypt.XPACK.Gen2 The CCleaner result: Code:
3D-Globus DVD 2.0 NATIONAL GEOGRAPHIC 23.05.2009 1.00.0000
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 15.02.2008 14,0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.03.2011 10.2.153.1
Adobe Reader 8.1.3 - Deutsch Adobe Systems Incorporated 31.12.2008 99,7MB 8.1.3
Adobe SVG Viewer 3.0 19.12.2010 4,78MB 3.0
ANSTOSS 3 15.05.2008 638MB
Apple Application Support Apple Inc. 13.05.2011 51,0MB 1.5.1
Apple Mobile Device Support Apple Inc. 13.05.2011 21,8MB 3.4.0.25
Apple Software Update Apple Inc. 13.05.2011 2,26MB 2.1.2.120
ATI Catalyst Install Manager ATI Technologies, Inc. 13.03.2008 13,8MB 3.0.641.0
ATI Uninstaller ATI Technologies, Inc. 15.02.2008 13,9MB
Audacity 1.2.6 22.10.2010 8,43MB
Avira Free Antivirus Avira 27.10.2011 153,2MB 12.0.0.861
BDElster-Telemodul 25.02.2010 0,81MB
Bonjour Apple Inc. 13.05.2011 1,10MB 2.0.5.0
Buhl finance - tax 2004 Standard Buhl Data Service GmbH 26.02.2010 1,09MB 5.00
Bullzip PDF Printer 6.0.0.766 Bullzip 30.04.2009 13,8MB
CCleaner Piriform 30.11.2011 4,20MB 3.13
Compatibility Pack für 2007 Office System Microsoft Corporation 19.09.2011 111,0MB 12.0.6514.5001
CorelDRAW(R) Graphics Suite X4 Corel Corporation 31.12.2008 818MB
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 31.12.2008 1,81MB
Default Ihr Firmenname 15.05.2008 1,91MB 1.00.0000
Die Siedler II - Die nächste Generation 06.03.2010 512MB
Digitale Bibliothek 4 28.02.2009 7,55MB
FirstSteps Diagnostics Fujitsu Siemens Computers 30.10.2007 4,67MB 1.00
FUSSBALL MANAGER 09 Electronic Arts 14.10.2010 3.842MB
Fussball Manager 2003 18.12.2008 801MB
Garmin Training Center Garmin Ltd or its subsidiaries 17.09.2010 58,3MB 3.5.3
Garmin USB Drivers Garmin Ltd or its subsidiaries 17.09.2010 0,12MB 2.3.0.0
Google Earth Google 27.06.2008 25,3MB 4.3.7204.836
Google Toolbar for Internet Explorer Google Inc. 17.09.2011 10,7MB 7.1.2003.1856
Google Updater Google Inc. 02.10.2011 3,99MB 2.4.2432.1652
GPL Ghostscript Lite 8.63 30.04.2009 11,4MB
HP Customer Participation Program 14.0 HP 14.05.2010 211MB 14.0
HP Imaging Device Functions 14.0 HP 14.05.2010 2,45MB 14.0
HP Photo Creations HP Photo Creations Powered by RocketLife 23.05.2010 30,1MB 1.0.0.2261
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 HP 14.05.2010 28,1MB 14.0
HP Smart Web Printing 4.60 HP 14.05.2010 25,4MB 4.60
HP Solution Center 14.0 HP 14.05.2010 2,54MB 14.0
HP Update Hewlett-Packard 14.05.2010 2,97MB 5.002.002.002
iTunes Apple Inc. 13.05.2011 143,9MB 10.2.2.14
Java(TM) 6 Update 21 Sun Microsystems, Inc. 31.07.2010 293MB 6.0.210
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 27.11.2011 6,77MB 1.51.2.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 22.08.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.08.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.08.2010 24,5MB 4.0.30319
Microsoft Office 97, Professional Edition 21.02.2008 960MB
Microsoft Office Home and Student 2010 Microsoft Corporation 08.10.2011 960MB 14.0.6029.1000
Microsoft Silverlight Microsoft Corporation 18.10.2011 202MB 4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 27.06.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.01.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20.10.2011 16,5MB 10.0.40219
Microsoft Works Microsoft Corporation 12.12.2009 3,40MB 08.05.0822
Motorola SM56 Speakerphone Modem Motorola Inc 12.08.2010 2,71MB 6.12.25.06
Mozilla Firefox 7.0.1 (x86 de) Mozilla 15.10.2011 32,8MB 7.0.1
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 30.10.2007 1,27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Nero 7 Essentials Nero AG 30.10.2007 377MB 7.02.5851
OpenOffice.org 3.2 OpenOffice.org 31.07.2010 379MB 3.2.9502
Paint.NET v3.36 dotPDN LLC 26.12.2008 3,97MB 3.36.0
Pingus 11.07.2008 0.7.2
Pixum ePrint 1.2 Diginet GmbH & Co. KG 08.08.2010 8,54MB 1.2.5105.10000
QuickTime Apple Inc. 13.05.2011 72,8MB 7.69.80.9
Realtek High Definition Audio Driver 30.10.2007
Safari Apple Inc. 17.11.2009 37,1MB 5.31.21.10
Shop for HP Supplies HP 14.05.2010 211MB 14.0
Siedler3 04.03.2010 233MB
softonic-de3 Toolbar softonic-de3 03.06.2011 10,3MB
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 31.12.2008 32,5MB 8.0.0
t@x 2009 Standard Buhl Data Service GmbH 31.12.2009 526MB 16.00.6228
t@x 2010 Standard Buhl Data Service GmbH 30.01.2010 688MB 17.00.6531
t@x 2011 Buhl Data Service GmbH 03.06.2011 659MB 18.00.6928
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 17.09.2010 06/03/2009 2.3.0.0
Windows Live Anmelde-Assistent Microsoft Corporation 05.03.2009 1,93MB 5.000.818.6
Windows Live Messenger Microsoft Corporation 12.03.2008 30,0MB 8.5.1302.1018
Windows Mobile Device Center Driver Update Microsoft Corporation 31.01.2009 42,4MB 6.1.6965.0
Windows Mobile®-MDA Touch Handbuch Microsoft Corporation 31.01.2009 25,8MB 1.0
WISO Sparbuch 2005 Buhl Data Service GmbH 20.03.2010 104,3MB 12.00.0000
WISO Sparbuch 2006 Buhl Data Service GmbH 21.03.2010 1.132MB 13.00.0000
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:58, on 01.12.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: softonic-de3 - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: t@x aktuell.lnk = C:\Program Files\Buhl finance\tax Steuersoftware 2011\taxaktuell.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - hxxp://www.pixum.de/apps/EasyUploadX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA0539F3-C15B-4032-80A3-D7E5DEAB94D1}: NameServer = 62.109.123.7 213.191.92.86
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

-- End of file - 9440 bytes

A message came up saying that HijackThis should be run with "Run as administrator" under Vista, but that option was not available... only "Open".
Edited by Zyx124 (01.12.2011 at 21:33) |
02.12.2011, 08:17 | #22 | ||||||
/// Helper Team | TR/Crypt.XPACK.Gen2 Quote:
1. Windows Defender: Running it actively in parallel with an antivirus program is not recommended, because the two can get in each other's way. Please disable it as follows: -> Turning Windows Defender on and off
Disable Windows Defender completely
Start => Control Panel => Classic View => Windows Defender, or start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)
Tools => Options => Automatic scanning => uncheck "Automatically scan my computer".
Tools => Options => Real-time protection => uncheck "Use real-time protection".
Tools => Options => Administrator => uncheck "Use this program".
Start => type services.msc into the search box. The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), check under Start -> Run -> "msconfig" (type it without the "") -> OK -> Startup whether it is still running along?! - remove the check mark if necessary
► Under Services: Start -> Run -> "Services.msc" (type it without the "") -> OK - "Properties" -> "Stop" -> select startup type "Disabled"

2. The programs/extensions listed here are considered unnecessary; some of them even belong to the most dangerous kind of adware, or to a "foistware group". They are part of the default installation of many freeware programs and sometimes even of paid programs; the range extends from toolbars and other browser add-ons to system utilities, and often the checkbox is already ticked, so that one has no opportunity to deselect such additional programs.
► Some (quite common) examples - what concerns your computer is coloured red:
Code:
Babylon toolbar
Bing Bar
Conduit Engine
DAEMON Tools Toolbar
DVDVideoSoftTB Toolbar
Facemoods Toolbar/Plug-In
Google-Toolbar (Helper) & Partner Service - Google Inc
kikin plugin
McAfee Security Scan Plus <- not harmful, but unnecessary
various all-in-one Windows registry cleaners, free system optimizers, free Windows uninstallers
softonic-de3 Toolbar (Windows)
Searchqu Toolbar
Whenu Save!
YouTube Downloader Toolbar

File-sharing software (such as uTorrent, eMule & co.), instant-messaging clients, QIP, IZArc, CPUID HWMonitor, Flash Player, Adobe Air, Silverlight, Foxit Reader, CCleaner, Adobe Reader, Skype, Dingsby or RealPlayer installed with the default settings. Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you do not need or do not want.
During installation, please always read the licence terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed along with it, since that is how freeware finances itself. A few more belong in this category, e.g.: -> Uninstall unwanted toolbars
Quote:
Start FF -> "Help" -> "About Firefox"... Version 8 is current! Code:
Mozilla Firefox 7.0.1
Update: Quote:
Your Java version is not up to date! Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java Version 6 Update 29 from Oracle. Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

6. Update Adobe Reader: - Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for updates..."

7. Clean your system with CCleaner:
8. Quote:
Code:
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
[2011.12.01 20:15:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.01 20:08:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.01 07:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Commands
[purity]
[emptytemp]
9.
10. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off altogether. ► Instructions
-> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners
Attention!: >>You should not install the antivirus security software, only scan your system online<<

11. ► Recommendations/suggestions - ► Please do everything "to the letter" as recommended, i.e. proceed very carefully!:
Attention!: For the listed programs it additionally applies that after an update (AfterUpdate) you must check again under Startup and Services!
How long does the startup process take?
Disable unnecessary autostart programs: When Windows boots, some programs are started along with it that have registered themselves in autostart (with or without the user's consent). The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily always need from autostart.
► "Start -> All Programs -> Accessories -> Run" .. and enter "msconfig" (without the "") -> OK
Remove the check mark from everything that should not start, but only ever disable one at a time (check mark off), i.e. step by step -> restart...
After the next restart a notice window will appear; tick the box there: `Do not show this message again and do not start this program when Windows starts` (You can undo this at any time by ticking the box again.) If you ever need it, you can also start it manually.
► So you can take one after another out of autostart; if the system does not need them, they should be left disabled.
Autostart entries that you cannot find can be fixed with HJT - under the O4 section - (*HijackThis Tutorial in German*): close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup; if something goes wrong while "fixing", the objects can be restored under "View the list of backups"
Code:
You should not disable:
Graphics driver
Firewall
Antivirus program
Sound

► Below are the best-known candidates on the list that you can take out of autostart without hesitation:
Quote:
Code:
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4

► Set unnecessary services to `Manual or Disabled`: Start -> All Programs -> Accessories -> Run -> "Services.msc" (type it without the "") -> OK -> "Properties" -> "Stop" -> set startup type to "Disabled"
Code:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis with a right-click as administrator -> `Do a system scan only` -> select the entries -> tick them -> click "Fix checked" -> restart the PC) - fix ONLY the entries I have specified!:
HijackThis creates a backup; if something goes wrong while "fixing", the objects can be restored under "View the list of backups"
Quote:
Post again - after the cleaning has been carried out:
► TrendMicro™ HijackThis™ logfile - no open windows while HijackThis is running!!
► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
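Added example, not part of the original thread and not HijackThis's own code: a Python parser for the O4 (autostart) and O23 (service) lines of a HijackThis log that compares a log taken before the clean-up with one taken afterwards, so the follow-up log requested in the post above can be checked against the entries that were meant to go. The `BEFORE` lines are copied from the log posted in this thread; the `AFTER` log and the names `Entry`, `parse` and `compare` are constructed for this example.

```python
import re
from dataclasses import dataclass

# BEFORE: lines copied from the HijackThis log posted in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA0539F3-C15B-4032-80A3-D7E5DEAB94D1}: NameServer = 62.109.123.7 213.191.92.86
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''

# AFTER: constructed for this example (what a follow-up log could look like
# once three autostart entries have been removed); not taken from the thread.
AFTER = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''


@dataclass(frozen=True)
class Entry:
    section: str   # HijackThis section code: "O4" or "O23"
    location: str  # registry Run key, startup folder, or "Service"
    name: str      # Run value name, shortcut name, or service short name
    target: str    # executable path without arguments, lower-cased
    missing: bool  # True when HijackThis appended "(file missing)"


_RUN = re.compile(r'^(HK[A-Z]{2})\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
_STARTUP = re.compile(r'^((?:Global )?Startup): (.+?) = (.+)$')
_SERVICE = re.compile(r'^Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$')
_EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd))(?=\s|$)', re.I)
_MISSING = "(file missing)"


def _target(command):
    """Split a command line into (executable path, file-missing flag)."""
    missing = command.endswith(_MISSING)
    if missing:
        command = command[: -len(_MISSING)].rstrip()
    m = _EXE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return path.lower(), missing


def parse(log_text):
    """Return the O4 and O23 entries of a HijackThis log as Entry records."""
    entries = []
    for line in log_text.splitlines():
        code, sep, body = line.strip().partition(" - ")
        if not sep:
            continue
        if code == "O4":
            run, startup = _RUN.match(body), _STARTUP.match(body)
            if run:
                hive, key, name, command = run.groups()
                location = f"{hive}\\{key}"
            elif startup:
                location, name, command = startup.groups()
            else:
                continue
        elif code == "O23":
            svc = _SERVICE.match(body)
            if not svc:
                continue
            label, _owner, command = svc.groups()
            # The short service name is the last parenthesised part, if any.
            short = re.search(r'\(([^()]+)\)$', label)
            name = short.group(1) if short else label
            location = "Service"
        else:
            continue  # other sections are outside this example's scope
        target, missing = _target(command)
        entries.append(Entry(code, location, name, target, missing))
    return entries


def compare(before, after):
    """Return (entries gone in the second log, orphans still listed in it)."""
    def key(e):
        return (e.section, e.location, e.name.lower())
    still_there = {key(e) for e in after}
    removed = [e for e in before if key(e) not in still_there]
    orphans = [e for e in after if e.missing]
    return removed, orphans


if __name__ == "__main__":
    removed, orphans = compare(parse(BEFORE), parse(AFTER))
    for e in removed:
        print(f"removed   {e.section} {e.location} [{e.name}] {e.target}")
    for e in orphans:
        print(f"orphaned  {e.section} {e.location} [{e.name}] {e.target}")
```
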
04.12.2011, 20:51 | #23 |
| TR/Crypt.XPACK.Gen2 I followed steps 1-7; Windows Defender was already disabled. Here is the result of the fix with OTL: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully.
C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\prxtbsof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: D***
->Temp folder emptied: 8239256 bytes
->Temporary Internet Files folder emptied: 401970 bytes
->Java cache emptied: 41618520 bytes
->FireFox cache emptied: 43158340 bytes
->Flash cache emptied: 470 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44812 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: T***
->Temp folder emptied: 916358655 bytes
->Temporary Internet Files folder emptied: 464566132 bytes
->Java cache emptied: 43621069 bytes
->Apple Safari cache emptied: 1604608 bytes
->Flash cache emptied: 141353 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23226785 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.472,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12042011_203135

Files\Folders moved on Reboot...
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_B3FEF9D9-0CC0-4F73-B074-7BEF837C0DA2.0\6A9727E5. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_B3FEF9D9-0CC0-4F73-B074-7BEF837C0DA2.0\F427ED00. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_81C1C343-ED24-44EC-B9F6-0703F64F0597.0\AD028200. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_6FE71D51-9C0E-493D-B9D9-35FB245E02AD.0\2527A216. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_5D2851E7-6AC1-4A88-80E0-BAA4CAB30A28.0\D0DD61C4. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_3C0ECDCA-DB2A-453D-B514-46F3A5C55E3A.0\B8345F5B. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_2428C7EA-7CD6-4BA1-9866-D79EC3103555.0\6980608B. not found!

Registry entries deleted on Reboot... |
04.12.2011, 23:33 | #24 |
| TR/Crypt.XPACK.Gen2 Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/04/2011 at 11:13 PM

Application Version : 5.0.1136

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type : Complete Scan
Total Scan Time : 02:10:36

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 891
Memory threats detected : 0
Registry items scanned : 38746
Registry threats detected : 5
File items scanned : 61924
File threats detected : 394

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Tracking Cookie
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@bluestreak[1].txt [ Cookie:tamara@bluestreak.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@dbk.zieltracker[2].txt [ Cookie:tamara@dbk.zieltracker.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@generaltracking[1].txt [ Cookie:tamara@generaltracking.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@account.live[2].txt [ Cookie:tamara@account.live.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjlyenc5odq.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wjlyenc5odq.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@m1.webstats.motigo[1].txt [ Cookie:tamara@m1.webstats.motigo.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracking.financescout24[1].txt [ Cookie:tamara@tracking.financescout24.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adverturesnewmediaservices.112.2o7[1].txt [ Cookie:tamara@adverturesnewmediaservices.112.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tribalfusion[1].txt [ Cookie:tamara@tribalfusion.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAS6QP4Z.txt [ Cookie:tamara@de.sitestat.com/sueddeutsche/sueddeutsche/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.vesseltracker[1].txt [ Cookie:tamara@www.vesseltracker.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.3dstats[2].txt [ Cookie:tamara@www.3dstats.com/cgi-bin ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@spoxgmbh.112.2o7[1].txt [ Cookie:tamara@spoxgmbh.112.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@toplist[1].txt [ Cookie:tamara@toplist.eu/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@uk.sitestat[1].txt [ 
Cookie:tamara@uk.sitestat.com/manairport/manairport/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@edge.download.newmedia.nacamar[2].txt [ Cookie:tamara@edge.download.newmedia.nacamar.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.bigtracker[1].txt [ Cookie:tamara@www.bigtracker.de/piwik/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAJKE7WB.txt [ Cookie:tamara@de.sitestat.com/hamburg/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CA9HC5H9.txt [ Cookie:tamara@de.sitestat.com/tcook/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.11freunde[1].txt [ Cookie:tamara@adserver.11freunde.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stats.bmw[1].txt [ Cookie:tamara@stats.bmw.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@vesseltracker[2].txt [ Cookie:tamara@vesseltracker.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tourismqld.122.2o7[1].txt [ Cookie:tamara@tourismqld.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@autoscout24.112.2o7[2].txt [ Cookie:tamara@autoscout24.112.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@valueclick[2].txt [ Cookie:tamara@valueclick.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CA6UPSEO.txt [ Cookie:tamara@track.webtrekk.de/900089555233333/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@hotels-and-discounts[1].txt [ Cookie:tamara@hotels-and-discounts.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webtrekk[9].txt [ Cookie:tamara@track.webtrekk.de/445541762785972/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@marriottinternational.122.2o7[1].txt [ Cookie:tamara@marriottinternational.122.2o7.net/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@socialmedia[2].txt [ Cookie:tamara@socialmedia.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@banner.vsp-services[1].txt [ Cookie:tamara@banner.vsp-services.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@fr.sitestat[4].txt [ Cookie:tamara@fr.sitestat.com/europcar/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@dealtime[1].txt [ Cookie:tamara@dealtime.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@komtrack[3].txt [ Cookie:tamara@komtrack.com/tr/104440 ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.anschlusstor[2].txt [ Cookie:tamara@adserver.anschlusstor.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@nextag[1].txt [ Cookie:tamara@nextag.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@xiti[1].txt [ Cookie:tamara@xiti.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@server.iad.liveperson[4].txt [ Cookie:tamara@server.iad.liveperson.net/hc/42179880 ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@lfstmedia[1].txt [ Cookie:tamara@lfstmedia.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.w3counter[1].txt [ Cookie:tamara@www.w3counter.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@chrobinsonworldwide.122.2o7[1].txt [ Cookie:tamara@chrobinsonworldwide.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webtrekk[7].txt [ Cookie:tamara@track.webtrekk.de/513255116380145/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracker.automobile[1].txt [ Cookie:tamara@tracker.automobile.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@booking[3].txt [ Cookie:tamara@booking.de/country/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@labelfinder.glamour[1].txt [ Cookie:tamara@labelfinder.glamour.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@uk.sitestat[2].txt [ Cookie:tamara@uk.sitestat.com/manairport/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ww3.shoshkeles[2].txt [ Cookie:tamara@ww3.shoshkeles.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@gostats[1].txt [ Cookie:tamara@gostats.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tuifly.122.2o7[1].txt [ Cookie:tamara@tuifly.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAK0YT0W.txt [ Cookie:tamara@de.sitestat.com/titus/de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.qksrv[1].txt [ Cookie:tamara@www.qksrv.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@banner.eurogrand[2].txt [ Cookie:tamara@banner.eurogrand.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@bizrate[2].txt [ Cookie:tamara@bizrate.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@olympiaverlag.122.2o7[1].txt [ Cookie:tamara@olympiaverlag.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@insightexpressai[2].txt [ Cookie:tamara@insightexpressai.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@rotator.adjuggler[1].txt [ Cookie:tamara@rotator.adjuggler.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@audit.median[1].txt [ Cookie:tamara@audit.median.hu/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjliagczcdp.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wjliagczcdp.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@skyscanner[2].txt [ Cookie:tamara@skyscanner.de/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@banner.dhl-systems[1].txt [ Cookie:tamara@banner.dhl-systems.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@questionpro[2].txt [ Cookie:tamara@questionpro.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@fr.sitestat[5].txt [ Cookie:tamara@fr.sitestat.com/europcar/europcar-de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@clicks.pangora[2].txt [ Cookie:tamara@clicks.pangora.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@perf.overture[1].txt [ Cookie:tamara@perf.overture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@euroclick[2].txt [ Cookie:tamara@euroclick.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.oberpfalznetz[2].txt [ Cookie:tamara@adserver.oberpfalznetz.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@hamburgerabendblattdedev.122.2o7[1].txt [ Cookie:tamara@hamburgerabendblattdedev.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webtrekk[10].txt [ Cookie:tamara@track.webtrekk.de/565556556123999/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAAPEE1M.txt [ Cookie:tamara@de.sitestat.com/idgcom-de/computerwoche/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@bannerbrause.photocase[1].txt [ Cookie:tamara@bannerbrause.photocase.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@questionpro[1].txt [ Cookie:tamara@questionpro.com/akira/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.office-discount[1].txt [ Cookie:tamara@www.office-discount.de/webapp/wcs/stores/servlet/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAGERWEX.txt [ Cookie:tamara@de.sitestat.com/is24-community/is24-community/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAKEELDH.txt [ Cookie:tamara@de.sitestat.com/hamburg/fhh/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wcloonazwho.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wcloonazwho.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adbrite[2].txt [ Cookie:tamara@adbrite.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@a7.adserver01[1].txt [ Cookie:tamara@a7.adserver01.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wmmygpazmap.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wmmygpazmap.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.jartrack[1].txt [ Cookie:tamara@www.jartrack.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adsrv.pi-media[2].txt [ Cookie:tamara@adsrv.pi-media.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAJXGJKP.txt [ Cookie:tamara@de.sitestat.com/tcook/condor/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@google[1].txt [ Cookie:tamara@google.com/support/accounts/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.adform[1].txt [ Cookie:tamara@track.adform.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@banner.joylandcasino[2].txt [ Cookie:tamara@banner.joylandcasino.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.adtechus[1].txt [ Cookie:tamara@adserver.adtechus.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-ctseventimag.hitbox[2].txt [ Cookie:tamara@ehg-ctseventimag.hitbox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@shop.zanox[2].txt [ Cookie:tamara@shop.zanox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@a6.adserver01[1].txt [ 
Cookie:tamara@a6.adserver01.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stats.paypal[2].txt [ Cookie:tamara@stats.paypal.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-twi.hitbox[1].txt [ Cookie:tamara@ehg-twi.hitbox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@men.122.2o7[1].txt [ Cookie:tamara@men.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@euros4click[1].txt [ Cookie:tamara@euros4click.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAGDTKPU.txt [ Cookie:tamara@de.sitestat.com/laola1/hsv-de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracking.alpharooms[1].txt [ Cookie:tamara@tracking.alpharooms.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.bruder[1].txt [ Cookie:tamara@www.bruder.de/typo3conf/ext/tracker/mod1/phpmv2/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.sevenload[1].txt [ Cookie:tamara@adserver.sevenload.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T7212J2O.txt [ Cookie:tamara@weborama.fr/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.effiliation[3].txt [ Cookie:tamara@track.effiliation.com/servlet/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.clickmanage[2].txt [ Cookie:tamara@www.clickmanage.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webtrekk[1].txt [ Cookie:tamara@track.webtrekk.de/907304619607711/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.piloh[1].txt [ Cookie:tamara@www.piloh.de/stats/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-firstchoice.hitbox[2].txt [ Cookie:tamara@ehg-firstchoice.hitbox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@qksrv[2].txt [ Cookie:tamara@qksrv.net/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@hotelscom.122.2o7[1].txt [ Cookie:tamara@hotelscom.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@server.iad.liveperson[3].txt [ Cookie:tamara@server.iad.liveperson.net/hc/80887544 ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad1.clicktag[2].txt [ Cookie:tamara@ad1.clicktag.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-fifa.hitbox[2].txt [ Cookie:tamara@ehg-fifa.hitbox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@a2.adserver01[1].txt [ Cookie:tamara@a2.adserver01.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@travel.hotels-and-discounts[1].txt [ Cookie:tamara@travel.hotels-and-discounts.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@clickandbuy[2].txt [ Cookie:tamara@clickandbuy.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@jarmediatrack[1].txt [ Cookie:tamara@jarmediatrack.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAL8MFMY.txt [ Cookie:tamara@de.sitestat.com/berlitz/de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.zieltracker[2].txt [ Cookie:tamara@www.zieltracker.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjl4wmdjobo.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wjl4wmdjobo.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAMQWNRF.txt [ Cookie:tamara@de.sitestat.com/is24-mail/is24-mail/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.performance-adserver[1].txt [ Cookie:tamara@www.performance-adserver.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@yadro[2].txt [ Cookie:tamara@yadro.ru/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.omc[1].txt [ 
Cookie:tamara@adserver.omc.ch/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@guj.122.2o7[1].txt [ Cookie:tamara@guj.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@farheap.122.2o7[1].txt [ Cookie:tamara@farheap.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@imgw.adbureau[1].txt [ Cookie:tamara@imgw.adbureau.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@cunda.122.2o7[1].txt [ Cookie:tamara@cunda.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wfliandzafo.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wfliandzafo.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@paypal.112.2o7[1].txt [ Cookie:tamara@paypal.112.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.trafficmaxx[1].txt [ Cookie:tamara@www.trafficmaxx.de/controlcenter/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stat.onestat[2].txt [ Cookie:tamara@stat.onestat.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.effiliation[1].txt [ Cookie:tamara@track.effiliation.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjk4cncjkfq.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wjk4cncjkfq.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3XOESE1Q.txt [ Cookie:tamara@xing.solution.weborama.fr/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg.hitbox[2].txt [ Cookie:tamara@ehg.hitbox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAN8IJS6.txt [ Cookie:tamara@de.sitestat.com/sport1/sport1-at/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracker.roitesting[1].txt [ Cookie:tamara@tracker.roitesting.com/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.ad-track[2].txt [ Cookie:tamara@www.ad-track.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@memo-media[2].txt [ Cookie:tamara@memo-media.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@okmedia.de[2].txt [ Cookie:tamara@okmedia.de./ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAVEN820.txt [ Cookie:tamara@de.sitestat.com/wkd/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.fachschriften[1].txt [ Cookie:tamara@adserver.fachschriften.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CA5DHC2S.txt [ Cookie:tamara@de.sitestat.com/wkd/lto/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAUMYYKR.txt [ Cookie:tamara@de.sitestat.com/berlitz/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad.adition[2].txt [ Cookie:tamara@ad.adition.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.versicherung-in[3].txt [ Cookie:tamara@www.versicherung-in.de/counter/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAUA1NO8.txt [ Cookie:tamara@de.sitestat.com/laola1/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjkogncpefq.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wjkogncpefq.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-nokiafin.hitbox[1].txt [ Cookie:tamara@ehg-nokiafin.hitbox.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@rambler[1].txt [ Cookie:tamara@rambler.ru/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@spylog[2].txt [ Cookie:tamara@spylog.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wfkyqkd5elp.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wfkyqkd5elp.stats.esomniture.com/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@webstat[1].txt [ Cookie:tamara@webstat.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracking.hannoversche[2].txt [ Cookie:tamara@tracking.hannoversche.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.googleadservices[1].txt [ Cookie:tamara@www.googleadservices.com/pagead/conversion/988366977/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAVS9IQV.txt [ Cookie:tamara@de.sitestat.com/hk/kiel/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stats.verlag-henrich[1].txt [ Cookie:tamara@stats.verlag-henrich.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.usenext[2].txt [ Cookie:tamara@www.usenext.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.yopi[1].txt [ Cookie:tamara@adserver.yopi.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@count.gjuce[1].txt [ Cookie:tamara@count.gjuce.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@himedia.individuad[2].txt [ Cookie:tamara@himedia.individuad.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@go.dynamic-tracking[1].txt [ Cookie:tamara@go.dynamic-tracking.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracking.haribo[1].txt [ Cookie:tamara@tracking.haribo.de/tracker/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@banner.21nova[2].txt [ Cookie:tamara@banner.21nova.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stats.pronet-media[1].txt [ Cookie:tamara@stats.pronet-media.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@interclick[2].txt [ Cookie:tamara@interclick.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adt.traffictrack[2].txt [ Cookie:tamara@adt.traffictrack.de/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adx.chip[1].txt [ Cookie:tamara@adx.chip.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@wissende.122.2o7[1].txt [ Cookie:tamara@wissende.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CASLCP44.txt [ Cookie:tamara@track.webtrekk.de/511731243725473/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@media.hotels[2].txt [ Cookie:tamara@media.hotels.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAE3JPH7.txt [ Cookie:tamara@de.sitestat.com/ullapopken/de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@mediabrandsww[2].txt [ Cookie:tamara@mediabrandsww.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@bwr-media[2].txt [ Cookie:tamara@bwr-media.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@server.lon.liveperson[4].txt [ Cookie:tamara@server.lon.liveperson.net/hc/85950269 ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www3.addfreestats[1].txt [ Cookie:tamara@www3.addfreestats.com/cgi-bin ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@skydeutschland.122.2o7[1].txt [ Cookie:tamara@skydeutschland.122.2o7.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.conversiontracker[1].txt [ Cookie:tamara@www.conversiontracker.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adsonar[2].txt [ Cookie:tamara@adsonar.com/adserving ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserv-new.20six[1].txt [ Cookie:tamara@adserv-new.20six.net/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAFC135F.txt [ Cookie:tamara@de.sitestat.com/laola1/hsv-tv/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.teriotracker[1].txt [ Cookie:tamara@www.teriotracker.de/ ] 
C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.mainz05.onvert[1].txt [ Cookie:tamara@adserver.mainz05.onvert.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ww251.smartadserver[2].txt [ Cookie:tamara@ww251.smartadserver.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAVUDNBG.txt [ Cookie:tamara@de.sitestat.com/otto-de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@liveperson[2].txt [ Cookie:tamara@liveperson.net/hc/85950269 ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAQOR3VP.txt [ Cookie:tamara@track.webtrekk.de/268040321250775/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webgains[1].txt [ Cookie:tamara@track.webgains.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjlychczsep.stats.esomniture[1].txt [ Cookie:tamara@e-2dj6wjlychczsep.stats.esomniture.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@traveladvertising[1].txt [ Cookie:tamara@traveladvertising.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.123-counter[1].txt [ Cookie:tamara@www.123-counter.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@fl01.ct2.comclick[2].txt [ Cookie:tamara@fl01.ct2.comclick.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@okmedia[1].txt [ Cookie:tamara@okmedia.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@generic-stats[1].txt [ Cookie:tamara@generic-stats.com/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad-dus01.stangermedia[2].txt [ Cookie:tamara@ad-dus01.stangermedia.de/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.counter[1].txt [ Cookie:tamara@www.counter.gd/ ] C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-yvesrocher.hitbox[1].txt [ 
Trojan.Agent/Gen-Krpytik C:\PROGRAM FILES\BUHL FINANCE\TAX 2004\PROGRAMM\VJV2000\BERE2000.DLL |
17.12.2011, 07:48 | #25 |
/// Helper Team | TR/Crypt.XPACK.Gen2 Have you still not fully carried out my instructions!
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
17.12.2011, 23:12 | #26 |
| TR/Crypt.XPACK.Gen2 Here is the result of the Eset Online Scan: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a622ba35139069429d404bb4baa868a2
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-12 09:24:05
# local_time=2011-12-12 10:24:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 954474 954474 0 0
# compatibility_mode=1792 16777215 100 0 4580930 4580930 0 0
# compatibility_mode=5892 16776638 100 100 1322896 161252843 0 0
# compatibility_mode=8192 67108863 100 0 3827 3827 0 0
# scanned=30699
# found=0
# cleaned=0
# scan_time=4930
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a622ba35139069429d404bb4baa868a2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-17 09:53:21
# local_time=2011-12-17 10:53:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1378190 1378190 0 0
# compatibility_mode=1792 16777215 100 0 5004646 5004646 0 0
# compatibility_mode=5892 16776638 100 100 1746612 161676559 0 0
# compatibility_mode=8192 67108863 100 0 427543 427543 0 0
# scanned=181963
# found=0
# cleaned=0
# scan_time=14971
|
18.12.2011, 00:16 | #27 |
| TR/Crypt.XPACK.Gen2 I have carried out the next steps; at # 13 I could the entry Code:
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
At # 14 no log file could be created. Otherwise I currently cannot see any more problems. Last edited by Zyx124 (18.12.2011 at 00:24) |
18.12.2011, 07:59 | #28 |
/// Helper Team | TR/Crypt.XPACK.Gen2 Why not? ► Right-click the HijackThis tool -> choose "Run as administrator"... |
18.12.2011, 18:03 | #29 |
| TR/Crypt.XPACK.Gen2 That is exactly the problem: on right-click only "Open" appears, but not "Run as administrator". Regardless of whether I try to start HijackThis via the desktop icon or Start/Programs. |
19.12.2011, 08:41 | #30 |
/// Helper Team | TR/Crypt.XPACK.Gen2 Right-click > Properties > Compatibility > [X] Run as administrator > Apply |