| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows7 gesperrt mit ZahlungsaufforderungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.12.2011, 21:52
| #16 |
 |  Windows7 gesperrt mit Zahlungsaufforderung Danke, dass du so viel Geduld mit mir hast. Hier jetzt das Egebnis im normalen Mode:OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2011 21:35:13 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 73,75% Memory free 7,86 Gb Paging File | 6,77 Gb Available in Paging File | 86,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 220,78 Gb Total Space | 168,29 Gb Free Space | 76,22% Space Free | Partition Type: NTFS Computer Name: *****-LAPTOP | User Name: Bastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1m5r48220264 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1m5r48220264 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1m5r48220264 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1m5r48220264 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1m5r48220264 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.03 11:32:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.03 11:32:14 | 000,000,000 | ---D | M] [2010.04.28 01:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions [2011.12.16 19:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\7ybo7qyy.default\extensions [2010.10.02 14:50:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\7ybo7qyy.default\extensions\firefox@tvunetworks.com [2011.07.31 21:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.24 23:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.21 16:04:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.03 03:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.31 21:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.11.27 20:09:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.27 20:09:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.27 20:09:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.27 20:09:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.27 20:09:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20F32686-8F79-4948-9EB9-F69C63D2BCAD}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE8A0FD3-2FA3-46CB-84CF-01083B0325F7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig:64bit - StartUpReg: EPSON Stylus DX4800 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.19 19:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.19 15:52:44 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2011.12.19 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.19 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.19 15:52:27 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.19 15:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.19 15:49:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bastian\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.19 15:33:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2009.08.14 14:15:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2011.12.19 21:21:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.19 21:21:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.19 21:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.19 21:14:04 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys [2011.12.19 15:52:30 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.19 15:49:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bastian\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.19 15:33:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.16 17:02:59 | 000,356,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.13 23:13:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.13 23:13:36 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.13 23:13:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.13 23:13:36 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.13 23:13:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.11 15:20:28 | 313,461,365 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.04 13:07:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.11.28 19:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011.11.27 16:51:51 | 000,001,154 | ---- | M] () -- C:\Users\Bastian\Desktop\OpenOffice.org Writer.lnk ========== Files Created - No Company Name ========== [2011.12.19 15:52:30 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.27 16:51:51 | 000,001,154 | ---- | C] () -- C:\Users\Bastian\Desktop\OpenOffice.org Writer.lnk [2011.03.07 18:46:12 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE32.EXE [2010.12.23 23:55:12 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.12.23 23:55:12 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.08.10 16:39:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.28 01:46:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.22 22:02:30 | 000,001,458 | ---- | C] () -- C:\Users\Bastian\AppData\Roaming\wklnhst.dat [2009.09.02 18:52:46 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.14 14:58:48 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.14 14:58:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.08.14 14:58:47 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.14 14:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.05.31 20:25:01 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canon [2010.10.13 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Dev-Cpp [2011.10.05 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\FileZilla [2011.03.07 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\GetRightToGo [2009.11.27 22:32:23 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\OpenOffice.org [2009.11.22 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Template [2011.12.04 16:51:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.11.26 23:32:06 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Adobe [2010.05.31 20:25:01 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canon [2011.01.22 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\codeblocks [2010.10.13 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Dev-Cpp [2011.10.05 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\FileZilla [2011.03.07 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\GetRightToGo [2009.11.22 21:57:17 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Google [2009.11.22 21:51:24 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Identities [2009.11.22 21:51:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Macromedia [2011.12.19 15:52:44 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Media Center Programs [2011.04.03 21:42:34 | 000,000,000 | --SD | M] -- C:\Users\Bastian\AppData\Roaming\Microsoft [2010.04.28 01:46:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mozilla [2009.11.27 22:32:23 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\OpenOffice.org [2011.08.10 10:54:55 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Skype [2011.08.10 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\skypePM [2009.11.22 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Template < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
19.12.2011, 22:07
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows7 gesperrt mit Zahlungsaufforderung Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ |
|
19.12.2011, 22:19
| #18 |
| | Windows7 gesperrt mit Zahlungsaufforderung Das Ergebnis:
__________________22:12:37.0613 3352 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 22:12:38.0112 3352 ============================================================ 22:12:38.0112 3352 Current date / time: 2011/12/19 22:12:38.0112 22:12:38.0112 3352 SystemInfo: 22:12:38.0112 3352 22:12:38.0112 3352 OS Version: 6.1.7601 ServicePack: 1.0 22:12:38.0112 3352 Product type: Workstation 22:12:38.0112 3352 ComputerName: BASTIAN-LAPTOP 22:12:38.0112 3352 UserName: Bastian 22:12:38.0112 3352 Windows directory: C:\Windows 22:12:38.0112 3352 System windows directory: C:\Windows 22:12:38.0112 3352 Running under WOW64 22:12:38.0112 3352 Processor architecture: Intel x64 22:12:38.0112 3352 Number of processors: 2 22:12:38.0112 3352 Page size: 0x1000 22:12:38.0112 3352 Boot type: Normal boot 22:12:38.0112 3352 ============================================================ 22:12:38.0502 3352 Initialize success 22:13:17.0050 3444 ============================================================ 22:13:17.0050 3444 Scan started 22:13:17.0050 3444 Mode: Manual; SigCheck; TDLFS; 22:13:17.0050 3444 ============================================================ 22:13:19.0000 3444 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 22:13:19.0078 3444 1394ohci - ok 22:13:19.0202 3444 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 22:13:19.0218 3444 ACPI - ok 22:13:19.0327 3444 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:13:19.0358 3444 AcpiPmi - ok 22:13:19.0499 3444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 22:13:19.0514 3444 adp94xx - ok 22:13:19.0655 3444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 22:13:19.0686 3444 adpahci - ok 22:13:19.0795 3444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 22:13:19.0811 3444 adpu320 - ok 22:13:19.0982 3444 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 22:13:20.0029 3444 AFD - ok 22:13:20.0138 3444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 22:13:20.0154 3444 agp440 - ok 22:13:20.0326 3444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:13:20.0341 3444 aliide - ok 22:13:20.0450 3444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:13:20.0466 3444 amdide - ok 22:13:20.0591 3444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 22:13:20.0622 3444 AmdK8 - ok 22:13:20.0731 3444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 22:13:20.0762 3444 AmdPPM - ok 22:13:20.0887 3444 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 22:13:20.0903 3444 amdsata - ok 22:13:21.0028 3444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 22:13:21.0043 3444 amdsbs - ok 22:13:21.0168 3444 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 22:13:21.0184 3444 amdxata - ok 22:13:21.0355 3444 ApfiltrService (c79c86a0395689045710e24d64e5e086) C:\Windows\system32\DRIVERS\Apfiltr.sys 22:13:21.0386 3444 ApfiltrService - ok 22:13:21.0449 3444 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:13:21.0511 3444 AppID - ok 22:13:21.0589 3444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 22:13:21.0605 3444 arc - ok 22:13:21.0620 3444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 22:13:21.0636 3444 arcsas - ok 22:13:21.0683 3444 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys 22:13:21.0698 3444 aswFsBlk - ok 22:13:21.0730 3444 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys 22:13:21.0730 3444 aswMonFlt - ok 22:13:21.0761 3444 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys 22:13:21.0776 3444 aswRdr - ok 22:13:21.0839 3444 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys 22:13:21.0854 3444 aswSnx - ok 22:13:21.0886 3444 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys 22:13:21.0901 3444 aswSP - ok 22:13:21.0948 3444 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys 22:13:21.0964 3444 aswTdi - ok 22:13:21.0995 3444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:13:22.0057 3444 AsyncMac - ok 22:13:22.0120 3444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:13:22.0120 3444 atapi - ok 22:13:22.0198 3444 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 22:13:22.0291 3444 athr - ok 22:13:22.0463 3444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 22:13:22.0494 3444 b06bdrv - ok 22:13:22.0541 3444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:13:22.0572 3444 b57nd60a - ok 22:13:22.0697 3444 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys 22:13:22.0806 3444 BCM43XX - ok 22:13:22.0900 3444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:13:22.0946 3444 Beep - ok 22:13:23.0024 3444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:13:23.0040 3444 blbdrive - ok 22:13:23.0087 3444 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:13:23.0134 3444 bowser - ok 22:13:23.0180 3444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:13:23.0212 3444 BrFiltLo - ok 22:13:23.0227 3444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:13:23.0258 3444 BrFiltUp - ok 22:13:23.0290 3444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:13:23.0336 3444 Brserid - ok 22:13:23.0352 3444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:13:23.0383 3444 BrSerWdm - ok 22:13:23.0414 3444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:13:23.0430 3444 BrUsbMdm - ok 22:13:23.0446 3444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:13:23.0477 3444 BrUsbSer - ok 22:13:23.0508 3444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 22:13:23.0539 3444 BTHMODEM - ok 22:13:23.0586 3444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:13:23.0648 3444 cdfs - ok 22:13:23.0695 3444 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 22:13:23.0742 3444 cdrom - ok 22:13:23.0789 3444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 22:13:23.0836 3444 circlass - ok 22:13:23.0882 3444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:13:23.0914 3444 CLFS - ok 22:13:24.0007 3444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:13:24.0038 3444 CmBatt - ok 22:13:24.0070 3444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 22:13:24.0085 3444 cmdide - ok 22:13:24.0132 3444 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 22:13:24.0163 3444 CNG - ok 22:13:24.0226 3444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 22:13:24.0241 3444 Compbatt - ok 22:13:24.0304 3444 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 22:13:24.0350 3444 CompositeBus - ok 22:13:24.0397 3444 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 22:13:24.0413 3444 crcdisk - ok 22:13:24.0491 3444 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 22:13:24.0553 3444 DfsC - ok 22:13:24.0584 3444 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:13:24.0631 3444 discache - ok 22:13:24.0678 3444 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 22:13:24.0694 3444 Disk - ok 22:13:24.0772 3444 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys 22:13:24.0772 3444 DKbFltr - ok 22:13:24.0865 3444 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:13:24.0896 3444 drmkaud - ok 22:13:24.0959 3444 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 22:13:24.0974 3444 DXGKrnl - ok 22:13:25.0068 3444 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 22:13:25.0208 3444 ebdrv - ok 22:13:25.0364 3444 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 22:13:25.0396 3444 elxstor - ok 22:13:25.0474 3444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:13:25.0505 3444 ErrDev - ok 22:13:25.0567 3444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:13:25.0630 3444 exfat - ok 22:13:25.0645 3444 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:13:25.0708 3444 fastfat - ok 22:13:25.0754 3444 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 22:13:25.0770 3444 fdc - ok 22:13:25.0801 3444 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:13:25.0817 3444 FileInfo - ok 22:13:25.0832 3444 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:13:25.0879 3444 Filetrace - ok 22:13:25.0879 3444 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 22:13:25.0910 3444 flpydisk - ok 22:13:25.0957 3444 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:13:25.0973 3444 FltMgr - ok 22:13:26.0020 3444 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:13:26.0035 3444 FsDepends - ok 22:13:26.0051 3444 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 22:13:26.0066 3444 Fs_Rec - ok 22:13:26.0113 3444 FTDIBUS (ed07200cff78facfb66ebb0b89f503a4) C:\Windows\system32\drivers\ftdibus.sys 22:13:26.0113 3444 FTDIBUS - ok 22:13:26.0144 3444 FTSER2K (9980e7584484a009e77e9bfa14c0c18a) C:\Windows\system32\drivers\ftser2k.sys 22:13:26.0160 3444 FTSER2K - ok 22:13:26.0222 3444 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:13:26.0238 3444 fvevol - ok 22:13:26.0285 3444 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 22:13:26.0300 3444 gagp30kx - ok 22:13:26.0316 3444 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:13:26.0347 3444 hcw85cir - ok 22:13:26.0410 3444 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 22:13:26.0456 3444 HdAudAddService - ok 22:13:26.0488 3444 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 22:13:26.0519 3444 HDAudBus - ok 22:13:26.0534 3444 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 22:13:26.0566 3444 HidBatt - ok 22:13:26.0581 3444 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 22:13:26.0612 3444 HidBth - ok 22:13:26.0644 3444 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 22:13:26.0659 3444 HidIr - ok 22:13:26.0722 3444 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 22:13:26.0753 3444 HidUsb - ok 22:13:26.0800 3444 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 22:13:26.0815 3444 HpSAMD - ok 22:13:26.0893 3444 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 22:13:26.0971 3444 HTTP - ok 22:13:27.0002 3444 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 22:13:27.0018 3444 hwpolicy - ok 22:13:27.0049 3444 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 22:13:27.0065 3444 i8042prt - ok 22:13:27.0143 3444 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 22:13:27.0158 3444 iaStor - ok 22:13:27.0205 3444 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 22:13:27.0236 3444 iaStorV - ok 22:13:27.0455 3444 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys 22:13:27.0673 3444 igfx - ok 22:13:27.0767 3444 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 22:13:27.0782 3444 iirsp - ok 22:13:27.0907 3444 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys 22:13:27.0938 3444 IntcAzAudAddService - ok 22:13:27.0970 3444 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 22:13:27.0985 3444 intelide - ok 22:13:28.0032 3444 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:13:28.0063 3444 intelppm - ok 22:13:28.0094 3444 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:13:28.0126 3444 IpFilterDriver - ok 22:13:28.0172 3444 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 22:13:28.0204 3444 IPMIDRV - ok 22:13:28.0282 3444 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:13:28.0328 3444 IPNAT - ok 22:13:28.0360 3444 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:13:28.0391 3444 IRENUM - ok 22:13:28.0422 3444 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 22:13:28.0438 3444 isapnp - ok 22:13:28.0484 3444 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 22:13:28.0516 3444 iScsiPrt - ok 22:13:28.0547 3444 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 22:13:28.0562 3444 kbdclass - ok 22:13:28.0609 3444 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 22:13:28.0640 3444 kbdhid - ok 22:13:28.0687 3444 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 22:13:28.0703 3444 KSecDD - ok 22:13:28.0750 3444 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 22:13:28.0765 3444 KSecPkg - ok 22:13:28.0812 3444 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:13:28.0874 3444 ksthunk - ok 22:13:28.0921 3444 L1C (ae83cf1805da082bcad86ff7c3207b0d) C:\Windows\system32\DRIVERS\L1C62x64.sys 22:13:28.0952 3444 L1C - ok 22:13:29.0030 3444 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:13:29.0077 3444 lltdio - ok 22:13:29.0124 3444 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:13:29.0140 3444 LSI_FC - ok 22:13:29.0155 3444 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:13:29.0171 3444 LSI_SAS - ok 22:13:29.0186 3444 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:13:29.0202 3444 LSI_SAS2 - ok 22:13:29.0218 3444 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:13:29.0233 3444 LSI_SCSI - ok 22:13:29.0264 3444 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:13:29.0342 3444 luafv - ok 22:13:29.0374 3444 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 22:13:29.0374 3444 megasas - ok 22:13:29.0405 3444 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 22:13:29.0420 3444 MegaSR - ok 22:13:29.0452 3444 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:13:29.0498 3444 Modem - ok 22:13:29.0530 3444 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:13:29.0561 3444 monitor - ok 22:13:29.0623 3444 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:13:29.0639 3444 mouclass - ok 22:13:29.0701 3444 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:13:29.0732 3444 mouhid - ok 22:13:29.0810 3444 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:13:29.0826 3444 mountmgr - ok 22:13:29.0842 3444 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:13:29.0873 3444 mpio - ok 22:13:29.0904 3444 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:13:29.0966 3444 mpsdrv - ok 22:13:29.0998 3444 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:13:30.0076 3444 MRxDAV - ok 22:13:30.0107 3444 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:13:30.0138 3444 mrxsmb - ok 22:13:30.0169 3444 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:13:30.0200 3444 mrxsmb10 - ok 22:13:30.0232 3444 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:13:30.0247 3444 mrxsmb20 - ok 22:13:30.0310 3444 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:13:30.0325 3444 msahci - ok 22:13:30.0356 3444 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:13:30.0372 3444 msdsm - ok 22:13:30.0419 3444 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:13:30.0466 3444 Msfs - ok 22:13:30.0481 3444 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:13:30.0528 3444 mshidkmdf - ok 22:13:30.0559 3444 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 22:13:30.0575 3444 msisadrv - ok 22:13:30.0606 3444 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:13:30.0668 3444 MSKSSRV - ok 22:13:30.0700 3444 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:13:30.0746 3444 MSPCLOCK - ok 22:13:30.0778 3444 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:13:30.0824 3444 MSPQM - ok 22:13:30.0871 3444 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:13:30.0902 3444 MsRPC - ok 22:13:30.0934 3444 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 22:13:30.0949 3444 mssmbios - ok 22:13:30.0996 3444 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:13:31.0027 3444 MSTEE - ok 22:13:31.0043 3444 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:13:31.0074 3444 MTConfig - ok 22:13:31.0090 3444 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:13:31.0105 3444 Mup - ok 22:13:31.0152 3444 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:13:31.0199 3444 NativeWifiP - ok 22:13:31.0261 3444 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 22:13:31.0308 3444 NDIS - ok 22:13:31.0339 3444 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:13:31.0402 3444 NdisCap - ok 22:13:31.0433 3444 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:13:31.0480 3444 NdisTapi - ok 22:13:31.0526 3444 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:13:31.0558 3444 Ndisuio - ok 22:13:31.0604 3444 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:13:31.0667 3444 NdisWan - ok 22:13:31.0714 3444 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 22:13:31.0760 3444 NDProxy - ok 22:13:31.0823 3444 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:13:31.0870 3444 NetBIOS - ok 22:13:31.0916 3444 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:13:31.0963 3444 NetBT - ok 22:13:32.0026 3444 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:13:32.0041 3444 nfrd960 - ok 22:13:32.0072 3444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:13:32.0119 3444 Npfs - ok 22:13:32.0150 3444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:13:32.0213 3444 nsiproxy - ok 22:13:32.0291 3444 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 22:13:32.0369 3444 Ntfs - ok 22:13:32.0431 3444 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 22:13:32.0431 3444 NTIDrvr - ok 22:13:32.0478 3444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:13:32.0525 3444 Null - ok 22:13:32.0572 3444 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 22:13:32.0587 3444 nvraid - ok 22:13:32.0634 3444 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 22:13:32.0650 3444 nvstor - ok 22:13:32.0696 3444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:13:32.0712 3444 nv_agp - ok 22:13:32.0743 3444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 22:13:32.0774 3444 ohci1394 - ok 22:13:32.0837 3444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:13:32.0852 3444 Parport - ok 22:13:32.0899 3444 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 22:13:32.0915 3444 partmgr - ok 22:13:32.0962 3444 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:13:32.0977 3444 pci - ok 22:13:33.0024 3444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:13:33.0040 3444 pciide - ok 22:13:33.0071 3444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:13:33.0086 3444 pcmcia - ok 22:13:33.0118 3444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:13:33.0118 3444 pcw - ok 22:13:33.0149 3444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:13:33.0227 3444 PEAUTH - ok 22:13:33.0320 3444 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:13:33.0383 3444 PptpMiniport - ok 22:13:33.0430 3444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:13:33.0461 3444 Processor - ok 22:13:33.0508 3444 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:13:33.0570 3444 Psched - ok 22:13:33.0664 3444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:13:33.0742 3444 ql2300 - ok 22:13:33.0757 3444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:13:33.0773 3444 ql40xx - ok 22:13:33.0804 3444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:13:33.0835 3444 QWAVEdrv - ok 22:13:33.0866 3444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:13:33.0929 3444 RasAcd - ok 22:13:33.0960 3444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:13:34.0007 3444 RasAgileVpn - ok 22:13:34.0038 3444 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:13:34.0100 3444 Rasl2tp - ok 22:13:34.0132 3444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:13:34.0194 3444 RasPppoe - ok 22:13:34.0210 3444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:13:34.0256 3444 RasSstp - ok 22:13:34.0303 3444 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 22:13:34.0350 3444 rdbss - ok 22:13:34.0366 3444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:13:34.0397 3444 rdpbus - ok 22:13:34.0428 3444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:13:34.0490 3444 RDPCDD - ok 22:13:34.0522 3444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:13:34.0553 3444 RDPENCDD - ok 22:13:34.0584 3444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:13:34.0615 3444 RDPREFMP - ok 22:13:34.0662 3444 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 22:13:34.0724 3444 RDPWD - ok 22:13:34.0787 3444 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 22:13:34.0802 3444 rdyboost - ok 22:13:34.0880 3444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:13:34.0943 3444 rspndr - ok 22:13:35.0021 3444 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys 22:13:35.0036 3444 RSUSBSTOR - ok 22:13:35.0099 3444 RtsUIR - ok 22:13:35.0161 3444 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 22:13:35.0177 3444 sbp2port - ok 22:13:35.0224 3444 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 22:13:35.0286 3444 scfilter - ok 22:13:35.0333 3444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:13:35.0395 3444 secdrv - ok 22:13:35.0458 3444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:13:35.0473 3444 Serenum - ok 22:13:35.0504 3444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:13:35.0551 3444 Serial - ok 22:13:35.0598 3444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:13:35.0629 3444 sermouse - ok 22:13:35.0676 3444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 22:13:35.0723 3444 sffdisk - ok 22:13:35.0738 3444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 22:13:35.0754 3444 sffp_mmc - ok 22:13:35.0770 3444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 22:13:35.0785 3444 sffp_sd - ok 22:13:35.0832 3444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:13:35.0848 3444 sfloppy - ok 22:13:35.0910 3444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:13:35.0926 3444 SiSRaid2 - ok 22:13:35.0941 3444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:13:35.0957 3444 SiSRaid4 - ok 22:13:36.0004 3444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:13:36.0050 3444 Smb - ok 22:13:36.0097 3444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:13:36.0113 3444 spldr - ok 22:13:36.0175 3444 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 22:13:36.0206 3444 srv - ok 22:13:36.0253 3444 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 22:13:36.0300 3444 srv2 - ok 22:13:36.0316 3444 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 22:13:36.0362 3444 srvnet - ok 22:13:36.0409 3444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 22:13:36.0425 3444 stexstor - ok 22:13:36.0472 3444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 22:13:36.0472 3444 swenum - ok 22:13:36.0596 3444 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 22:13:36.0674 3444 Tcpip - ok 22:13:36.0737 3444 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 22:13:36.0784 3444 TCPIP6 - ok 22:13:36.0815 3444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 22:13:36.0893 3444 tcpipreg - ok 22:13:36.0924 3444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:13:36.0971 3444 TDPIPE - ok 22:13:37.0002 3444 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 22:13:37.0064 3444 TDTCP - ok 22:13:37.0096 3444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 22:13:37.0142 3444 tdx - ok 22:13:37.0189 3444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 22:13:37.0205 3444 TermDD - ok 22:13:37.0267 3444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:13:37.0345 3444 tssecsrv - ok 22:13:37.0408 3444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 22:13:37.0454 3444 TsUsbFlt - ok 22:13:37.0486 3444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 22:13:37.0532 3444 tunnel - ok 22:13:37.0564 3444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:13:37.0579 3444 uagp35 - ok 22:13:37.0610 3444 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 22:13:37.0610 3444 UBHelper - ok 22:13:37.0657 3444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 22:13:37.0720 3444 udfs - ok 22:13:37.0798 3444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 22:13:37.0798 3444 uliagpkx - ok 22:13:37.0860 3444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 22:13:37.0876 3444 umbus - ok 22:13:37.0922 3444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:13:37.0954 3444 UmPass - ok 22:13:37.0969 3444 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 22:13:37.0985 3444 usbccgp - ok 22:13:38.0000 3444 USBCCID - ok 22:13:38.0063 3444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 22:13:38.0094 3444 usbcir - ok 22:13:38.0125 3444 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 22:13:38.0141 3444 usbehci - ok 22:13:38.0172 3444 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 22:13:38.0219 3444 usbhub - ok 22:13:38.0234 3444 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 22:13:38.0266 3444 usbohci - ok 22:13:38.0312 3444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:13:38.0328 3444 usbprint - ok 22:13:38.0375 3444 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 22:13:38.0390 3444 usbscan - ok 22:13:38.0437 3444 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:13:38.0468 3444 USBSTOR - ok 22:13:38.0500 3444 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 22:13:38.0531 3444 usbuhci - ok 22:13:38.0578 3444 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 22:13:38.0609 3444 usbvideo - ok 22:13:38.0640 3444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:13:38.0656 3444 vdrvroot - ok 22:13:38.0687 3444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:13:38.0718 3444 vga - ok 22:13:38.0734 3444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:13:38.0780 3444 VgaSave - ok 22:13:38.0827 3444 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:13:38.0843 3444 vhdmp - ok 22:13:38.0874 3444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:13:38.0890 3444 viaide - ok 22:13:38.0936 3444 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:13:38.0952 3444 volmgr - ok 22:13:38.0999 3444 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:13:39.0014 3444 volmgrx - ok 22:13:39.0046 3444 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:13:39.0061 3444 volsnap - ok 22:13:39.0108 3444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:13:39.0124 3444 vsmraid - ok 22:13:39.0139 3444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:13:39.0170 3444 vwifibus - ok 22:13:39.0202 3444 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:13:39.0248 3444 vwififlt - ok 22:13:39.0295 3444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:13:39.0326 3444 WacomPen - ok 22:13:39.0389 3444 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:13:39.0436 3444 WANARP - ok 22:13:39.0451 3444 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:13:39.0482 3444 Wanarpv6 - ok 22:13:39.0514 3444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:13:39.0529 3444 Wd - ok 22:13:39.0560 3444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:13:39.0592 3444 Wdf01000 - ok 22:13:39.0638 3444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:13:39.0685 3444 WfpLwf - ok 22:13:39.0701 3444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:13:39.0716 3444 WIMMount - ok 22:13:39.0810 3444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:13:39.0841 3444 WmiAcpi - ok 22:13:39.0888 3444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:13:39.0950 3444 ws2ifsl - ok 22:13:40.0013 3444 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:13:40.0044 3444 WudfPf - ok 22:13:40.0091 3444 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:13:40.0138 3444 WUDFRd - ok 22:13:40.0200 3444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:13:40.0294 3444 \Device\Harddisk0\DR0 - ok 22:13:40.0294 3444 Boot (0x1200) (1bf24e7957240a36ceb38f7e451302e7) \Device\Harddisk0\DR0\Partition0 22:13:40.0294 3444 \Device\Harddisk0\DR0\Partition0 - ok 22:13:40.0340 3444 Boot (0x1200) (6757d3464d8a4f63a02867208d43073a) \Device\Harddisk0\DR0\Partition1 22:13:40.0340 3444 \Device\Harddisk0\DR0\Partition1 - ok 22:13:40.0340 3444 ============================================================ 22:13:40.0340 3444 Scan finished 22:13:40.0340 3444 ============================================================ 22:13:40.0356 4012 Detected object count: 0 22:13:40.0356 4012 Actual detected object count: 0 |
|
19.12.2011, 23:09
| #19 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7 gesperrt mit Zahlungsaufforderung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.12.2011, 23:40
| #20 |
| | Windows7 gesperrt mit Zahlungsaufforderung Combofix liefert: Combofix Logfile: Code:
ATTFilter ComboFix 11-12-19.01 - Bastian 19.12.2011 23:22:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4026.2657 [GMT 1:00]
ausgeführt von:: c:\users\Bastian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-19 bis 2011-12-19 ))))))))))))))))))))))))))))))
.
.
2011-12-19 22:27 . 2011-12-19 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 18:22 . 2011-12-19 18:22 -------- d-----w- c:\program files (x86)\ESET
2011-12-19 14:52 . 2011-12-19 14:52 -------- d-----w- c:\users\Bastian\AppData\Roaming\Malwarebytes
2011-12-19 14:52 . 2011-12-19 14:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-19 14:52 . 2011-12-19 15:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-19 14:52 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 16:07 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC9DA15-51A5-4760-90DF-3AC5075057CA}\mpengine.dll
2011-12-15 20:53 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 20:53 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 20:53 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 20:53 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 20:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 20:53 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 19:43 . 2011-08-14 21:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-12-29 17:23 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-11-22 14:55 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-18 21:14 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-06-19 11:38 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-11-22 14:56 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-11-22 14:56 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-11-22 14:56 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-11-22 14:56 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2009-11-22 14:56 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-29 16:29 . 2011-11-11 09:27 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-08-06 828960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1m5r48220264
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\7ybo7qyy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-HTPE3 - c:\windows\System32\Unwise32.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-19 23:35:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-19 22:35
.
Vor Suchlauf: 9 Verzeichnis(se), 180.974.051.328 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 181.159.825.408 Bytes frei
.
- - End Of File - - FC2EE84B36EF2E825730D90019EC6DAE
|
|
20.12.2011, 00:00
| #21 |
| | Windows7 gesperrt mit Zahlungsaufforderung Soweit schon mal vielen Dank, Ich muss jetzt in die Heia und werde morgen hier wieder online sein.  Bis dahin verbleib ich mit den allerbesten Grüßen, Mirko |
|
20.12.2011, 00:09
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7 gesperrt mit Zahlungsaufforderung Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.12.2011, 14:20
| #23 |
| | Windows7 gesperrt mit Zahlungsaufforderung Edit: Das Programm hat nicht nach den aktuellen avast Virendefinitionen gefragt aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-12-20 14:11:53 ----------------------------- 14:11:53.844 OS Version: Windows x64 6.1.7601 Service Pack 1 14:11:53.860 Number of processors: 2 586 0x170A 14:11:53.860 ComputerName: *****-LAPTOP UserName: Bastian 14:11:55.014 Initialize success 14:11:55.092 AVAST engine defs: 11122000 14:12:11.909 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 14:12:11.909 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3 14:12:11.972 Disk 0 MBR read successfully 14:12:11.972 Disk 0 MBR scan 14:12:11.972 Disk 0 Windows 7 default MBR code 14:12:11.987 Service scanning 14:12:13.376 Modules scanning 14:12:13.376 Disk 0 trace - called modules: 14:12:13.422 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 14:12:13.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800579b060] 14:12:13.438 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004762050] 14:12:14.202 AVAST engine scan C:\Windows 14:12:20.910 AVAST engine scan C:\Windows\system32 14:13:48.130 AVAST engine scan C:\Windows\system32\drivers 14:13:56.539 AVAST engine scan C:\Users\Bastian 14:17:01.898 Disk 0 MBR has been saved successfully to "C:\Users\Bastian\Desktop\MBR.dat" 14:17:01.914 The log file has been saved successfully to "C:\Users\Bastian\Desktop\aswMBR.txt" Geändert von Zirco (20.12.2011 um 14:37 Uhr) |
|
20.12.2011, 15:06
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7 gesperrt mit Zahlungsaufforderung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.12.2011, 18:08
| #25 |
| | Windows7 gesperrt mit Zahlungsaufforderung Hier jetzt die Logs von Malware und AntiSpyware: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8402 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 20.12.2011 15:48:36 mbam-log-2011-12-20 (15-48-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 320262 Laufzeit: 32 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/20/2011 at 05:35 PM
Application Version : 5.0.1142
Core Rules Database Version : 8070
Trace Rules Database Version: 5882
Scan type : Complete Scan
Total Scan Time : 01:35:56
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 70296
Registry threats detected : 0
File items scanned : 185179
File threats detected : 602
Adware.Tracking Cookie
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@cts.metricsdirect[2].txt [ /cts.metricsdirect ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@cts.zroitracker[2].txt [ /cts.zroitracker ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@msadcenter.112.2o7[1].txt [ /msadcenter.112.2o7 ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@tracking.mindshare[1].txt [ /tracking.mindshare ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\bastian@www.elitepartner[1].txt [ /www.elitepartner ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\WJN1V8XE.txt [ /ad.360yield.com ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\V0F94SNH.txt [ /invitemedia.com ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\P1EPNWOZ.txt [ /adfarm1.adition.com ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\9CHWN4SI.txt [ /tracking.quisma.com ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\TRUNCS78.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\RMNCMUO9.txt [ /xiti.com ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\4S53CDPL.txt [ /doubleclick.net ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\0183A2X1.txt [ /revsci.net ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\JMPFKGL7.txt [ /im.banner.t-online.de ]
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Cookies\W94V7SNI.txt [ /ad4.adfarm1.adition.com ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W9UYVT08.txt [ Cookie:bastian@fastclick.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@stats.e-domizil[1].txt [ Cookie:bastian@stats.e-domizil.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@rotator.adjuggler[1].txt [ Cookie:bastian@rotator.adjuggler.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@jibjab.112.2o7[1].txt [ Cookie:bastian@jibjab.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MONCW3L7.txt [ Cookie:bastian@zanox-affiliate.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@hamburgerabendblattdedev.122.2o7[1].txt [ Cookie:bastian@hamburgerabendblattdedev.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.trafficmaxx[1].txt [ Cookie:bastian@www.trafficmaxx.de/controlcenter/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@stats.m24[2].txt [ Cookie:bastian@stats.m24.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@2o7[2].txt [ Cookie:bastian@2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2D1WF0Y1.txt [ Cookie:bastian@ad.zanox.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFFK1RPR.txt [ Cookie:bastian@smartadserver.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@e-2dj6wjk4oldjgfp.stats.esomniture[2].txt [ Cookie:bastian@e-2dj6wjk4oldjgfp.stats.esomniture.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\44LGCOQO.txt [ Cookie:bastian@ww251.smartadserver.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@track.webtrekk[1].txt [ Cookie:bastian@track.webtrekk.de/511731243725473/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@jumbo-discount[2].txt [ Cookie:bastian@jumbo-discount.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MUMG4FQB.txt [ Cookie:bastian@adfarm1.adition.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\X8IJGWJA.txt [ Cookie:bastian@tracking.mindshare.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@nextag[3].txt [ Cookie:bastian@nextag.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@sales.liveperson[1].txt [ Cookie:bastian@sales.liveperson.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[1].txt [ Cookie:bastian@de.sitestat.com/is24/is24/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www9.discount24[1].txt [ Cookie:bastian@www9.discount24.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@ehg-dievisiongmbh.hitbox[1].txt [ Cookie:bastian@ehg-dievisiongmbh.hitbox.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@medhelpinternational.112.2o7[1].txt [ Cookie:bastian@medhelpinternational.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adserv.chirurgie-portal[2].txt [ Cookie:bastian@adserv.chirurgie-portal.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XE7FQC5M.txt [ Cookie:bastian@atdmt.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@webstats.liberale[1].txt [ Cookie:bastian@webstats.liberale.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IB3JQBI1.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1054854175/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@fl01.ct2.comclick[2].txt [ Cookie:bastian@fl01.ct2.comclick.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@liveperson[1].txt [ Cookie:bastian@liveperson.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8HP6KCNO.txt [ Cookie:bastian@ad.adnet.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adsrv.admediate[2].txt [ Cookie:bastian@adsrv.admediate.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\M7YMO2QL.txt [ Cookie:bastian@content.yieldmanager.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@dc.tremormedia[1].txt [ Cookie:bastian@dc.tremormedia.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@overture[2].txt [ Cookie:bastian@overture.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@a7.adserver01[1].txt [ Cookie:bastian@a7.adserver01.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.at.atwola[1].txt [ Cookie:bastian@de.at.atwola.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.zanox-affiliate[2].txt [ Cookie:bastian@www.zanox-affiliate.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@banner.testberichte[2].txt [ Cookie:bastian@banner.testberichte.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\21EJAXDF.txt [ Cookie:bastian@tradedoubler.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G258NN09.txt [ Cookie:bastian@webmasterplan.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@xiti[1].txt [ Cookie:bastian@xiti.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TU3FGGS7.txt [ Cookie:bastian@doubleclick.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\61TQI4G0.txt [ Cookie:bastian@www.etracker.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9X7VCI8N.txt [ Cookie:bastian@revsci.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@autoscout24.112.2o7[2].txt [ Cookie:bastian@autoscout24.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7RJE61Y.txt [ Cookie:bastian@statse.webtrendslive.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@stat.dealtime[1].txt [ Cookie:bastian@stat.dealtime.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BO3Q8H2Y.txt [ Cookie:bastian@advertising.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KE5FOL20.txt [ Cookie:bastian@adtech.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@whirlpool-discount[2].txt [ Cookie:bastian@whirlpool-discount.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWZCT641.txt [ Cookie:bastian@traffictrack.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@daimlerag.122.2o7[1].txt [ Cookie:bastian@daimlerag.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@ads.quartermedia[2].txt [ Cookie:bastian@ads.quartermedia.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MXYP46TZ.txt [ Cookie:bastian@serving-sys.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IESCC3V9.txt [ Cookie:bastian@media6degrees.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[5].txt [ Cookie:bastian@de.sitestat.com/karstadt-de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.active-tracking[1].txt [ Cookie:bastian@www.active-tracking.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V0IDH8X0.txt [ Cookie:bastian@ad.yieldmanager.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\02A51AS3.txt [ Cookie:bastian@im.banner.t-online.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@unitymedia[2].txt [ Cookie:bastian@unitymedia.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@roitracking[1].txt [ Cookie:bastian@roitracking.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@s4.shinystat[1].txt [ Cookie:bastian@s4.shinystat.com/cgi-bin/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.financescout24[2].txt [ Cookie:bastian@tracking.financescout24.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@stats.lexisnexis[1].txt [ Cookie:bastian@stats.lexisnexis.de/piwik/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@imrworldwide[2].txt [ Cookie:bastian@imrworldwide.com/cgi-bin ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adserver.traffictrack[1].txt [ Cookie:bastian@adserver.traffictrack.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@shinystat[2].txt [ Cookie:bastian@shinystat.com/cgi-bin/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@bluestreak[2].txt [ Cookie:bastian@bluestreak.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@shop.zanox[2].txt [ Cookie:bastian@shop.zanox.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.traffictrack[1].txt [ Cookie:bastian@www.traffictrack.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@track.comvel[1].txt [ Cookie:bastian@track.comvel.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@e-2dj6wfkokmdzmhq.stats.esomniture[2].txt [ Cookie:bastian@e-2dj6wfkokmdzmhq.stats.esomniture.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\21EKRYN2.txt [ Cookie:bastian@track.effiliation.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XZKN98HO.txt [ Cookie:bastian@invitemedia.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@m1.webstats.motigo[1].txt [ Cookie:bastian@m1.webstats.motigo.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.ms-forelle[1].txt [ Cookie:bastian@www.ms-forelle.de/counter/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@discount24[1].txt [ Cookie:bastian@discount24.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.dc-storm[2].txt [ Cookie:bastian@tracking.dc-storm.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@audiag.112.2o7[1].txt [ Cookie:bastian@audiag.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adx.chip[2].txt [ Cookie:bastian@adx.chip.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@CAQE6D2V.txt [ Cookie:bastian@de.sitestat.com/haba/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[3].txt [ Cookie:bastian@de.sitestat.com/is24-community/is24-community/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@advertstream[1].txt [ Cookie:bastian@advertstream.com/a ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.ad-track[2].txt [ Cookie:bastian@www.ad-track.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@thomascookag.122.2o7[1].txt [ Cookie:bastian@thomascookag.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@fr.sitestat[2].txt [ Cookie:bastian@fr.sitestat.com/europcar/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@studivz.adfarm1.adition[1].txt [ Cookie:bastian@studivz.adfarm1.adition.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@cdn5.specificclick[2].txt [ Cookie:bastian@cdn5.specificclick.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[9].txt [ Cookie:bastian@de.sitestat.com/is24-mail/is24-mail/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DIEU79ZH.txt [ Cookie:bastian@adviva.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@warnerbros.112.2o7[1].txt [ Cookie:bastian@warnerbros.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A475P105.txt [ Cookie:bastian@bizrate.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@ams.motorpresse-statistik[1].txt [ Cookie:bastian@ams.motorpresse-statistik.de/track/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@track.webtrekk[2].txt [ Cookie:bastian@track.webtrekk.de/332342434234234/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\94PIYXWC.txt [ Cookie:bastian@casalemedia.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@ad.adserver01[1].txt [ Cookie:bastian@ad.adserver01.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@zedo[1].txt [ Cookie:bastian@zedo.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[8].txt [ Cookie:bastian@de.sitestat.com/webde/webde/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@CAL4WEY8.txt [ Cookie:bastian@de.sitestat.com/sport1/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adxpose[1].txt [ Cookie:bastian@adxpose.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@msnportal.112.2o7[1].txt [ Cookie:bastian@msnportal.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adserver.doccheck[2].txt [ Cookie:bastian@adserver.doccheck.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.hannoversche[1].txt [ Cookie:bastian@tracking.hannoversche.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@komtrack[4].txt [ Cookie:bastian@komtrack.com/tr/104440 ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[11].txt [ Cookie:bastian@de.sitestat.com/sport1/sport1-de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.hrs[1].txt [ Cookie:bastian@tracking.hrs.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@e-2dj6wnkyakc5cko.stats.esomniture[2].txt [ Cookie:bastian@e-2dj6wnkyakc5cko.stats.esomniture.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@media.legacy[1].txt [ Cookie:bastian@media.legacy.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@specificclick[1].txt [ Cookie:bastian@specificclick.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adcentriconline[2].txt [ Cookie:bastian@adcentriconline.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@webstat.schauinslandreisen[2].txt [ Cookie:bastian@webstat.schauinslandreisen.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJ5626ML.txt [ Cookie:bastian@banner.holidaycheck.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW54DA63.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1022713655/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@hotelreservationservice.122.2o7[1].txt [ Cookie:bastian@hotelreservationservice.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@stat.kindergrabsteine[2].txt [ Cookie:bastian@stat.kindergrabsteine.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@fr.sitestat[1].txt [ Cookie:bastian@fr.sitestat.com/europcar/europcar-de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.tchibo[1].txt [ Cookie:bastian@tracking.tchibo.de/683553670525906/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6TM7QJFI.txt [ Cookie:bastian@bs.serving-sys.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@dealtime[1].txt [ Cookie:bastian@dealtime.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XODKQL9E.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1033823658/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@komtrack[2].txt [ Cookie:bastian@komtrack.com/tr ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@rewetouristik.112.2o7[1].txt [ Cookie:bastian@rewetouristik.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AIUXTQWK.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/976126003/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@skyscanner[1].txt [ Cookie:bastian@skyscanner.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@stats.edgevertising[2].txt [ Cookie:bastian@stats.edgevertising.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J18FH8SI.txt [ Cookie:bastian@ich.adscale.de/adserver-ich/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RHNHX2VG.txt [ Cookie:bastian@ad3.adfarm1.adition.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KDDH5UVQ.txt [ Cookie:bastian@partners.webmasterplan.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@holidaycheckag.122.2o7[1].txt [ Cookie:bastian@holidaycheckag.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@ads.pointroll[2].txt [ Cookie:bastian@ads.pointroll.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5XANQT2T.txt [ Cookie:bastian@ad.dyntracker.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.9flats[1].txt [ Cookie:bastian@tracking.9flats.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@data.coremetrics[1].txt [ Cookie:bastian@data.coremetrics.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@vodafonegroup.122.2o7[1].txt [ Cookie:bastian@vodafonegroup.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7HBDDKOE.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1055990288/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@germanwings.112.2o7[1].txt [ Cookie:bastian@germanwings.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETM0ZG3T.txt [ Cookie:bastian@www.burstnet.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@finanzportal20.112.2o7[1].txt [ Cookie:bastian@finanzportal20.112.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@r.unicornmedia[1].txt [ Cookie:bastian@r.unicornmedia.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZFIH3N3.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1068000683/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UQLOL73X.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1059070878/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.3gnet[1].txt [ Cookie:bastian@tracking.3gnet.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLNSC2ZX.txt [ Cookie:bastian@ad2.adfarm1.adition.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@wlw.122.2o7[1].txt [ Cookie:bastian@wlw.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@elitepartner.tt.omtrdc[2].txt [ Cookie:bastian@elitepartner.tt.omtrdc.net/m2/elitepartner ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.elitepartner[1].txt [ Cookie:bastian@www.elitepartner.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@server.iad.liveperson[2].txt [ Cookie:bastian@server.iad.liveperson.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2L7MHYRR.txt [ Cookie:bastian@dyntracker.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3GER9831.txt [ Cookie:bastian@in.getclicky.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1J1KE1OU.txt [ Cookie:bastian@ad1.adfarm1.adition.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@opodo.122.2o7[1].txt [ Cookie:bastian@opodo.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\07NMUSF4.txt [ Cookie:bastian@adform.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@CADC3I2P.txt [ Cookie:bastian@de.sitestat.com/haba/haba-de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@de.sitestat[4].txt [ Cookie:bastian@de.sitestat.com/karstadt-de/karstadt/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.klicktel[1].txt [ Cookie:bastian@tracking.klicktel.de/dcsss9ls200000oevks2cey4q_8r3x ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U5Q0ID1W.txt [ Cookie:bastian@hightraffic.hugoboss.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@ad.dyntracker[1].txt [ Cookie:bastian@ad.dyntracker.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2P21D61G.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1070835972/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@google[6].txt [ Cookie:bastian@google.com/accounts/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@elitepartner[2].txt [ Cookie:bastian@elitepartner.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBXF4MB0.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1071952370/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@adserver.clipscale[1].txt [ Cookie:bastian@adserver.clipscale.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WCJL03U7.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1038308878/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@clickandbuy[1].txt [ Cookie:bastian@clickandbuy.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@zbox.zanox[2].txt [ Cookie:bastian@zbox.zanox.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S0Q8FON6.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1047094311/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8S9H8KLK.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/976232829/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EEZQUL4F.txt [ Cookie:bastian@ru4.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJZ48ZQM.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1071378202/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OMY8DV5E.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1053675000/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NL6S3VLL.txt [ Cookie:bastian@adserver.department-x.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tuifly.122.2o7[1].txt [ Cookie:bastian@tuifly.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@tracking.s24[1].txt [ Cookie:bastian@tracking.s24.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DL6OAWW8.txt [ Cookie:bastian@secmedia.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4F2HRJ07.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1029381574/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XL235QNB.txt [ Cookie:bastian@icompetence.122.2o7.net/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4059CN9X.txt [ Cookie:bastian@adbrite.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@start.elitepartner[1].txt [ Cookie:bastian@start.elitepartner.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VXFECF4V.txt [ Cookie:bastian@clickfuse.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3T6J5QOE.txt [ Cookie:bastian@eyewonder.com/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VQHGJ0V.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1069414497/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@www.google[1].txt [ Cookie:bastian@www.google.com/accounts ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\023AXOMN.txt [ Cookie:bastian@www.googleadservices.com/pagead/conversion/1069769807/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\bastian@marktplatz.nordclick[1].txt [ Cookie:bastian@marktplatz.nordclick.de/ ]
C:\USERS\BASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1PT1ED1.txt [ Cookie:bastian@ww381.smartadserver.com/ ]
C:\USERS\BASTIAN\Cookies\V0F94SNH.txt [ Cookie:bastian@invitemedia.com/ ]
C:\USERS\BASTIAN\Cookies\bastian@cts.zroitracker[2].txt [ Cookie:bastian@cts.zroitracker.com/ ]
C:\USERS\BASTIAN\Cookies\P1EPNWOZ.txt [ Cookie:bastian@adfarm1.adition.com/ ]
C:\USERS\BASTIAN\Cookies\bastian@tracking.mindshare[1].txt [ Cookie:bastian@tracking.mindshare.de/ ]
C:\USERS\BASTIAN\Cookies\bastian@cts.metricsdirect[2].txt [ Cookie:bastian@cts.metricsdirect.com/ ]
C:\USERS\BASTIAN\Cookies\bastian@content.yieldmanager[1].txt [ Cookie:bastian@content.yieldmanager.com/ ]
C:\USERS\BASTIAN\Cookies\TRUNCS78.txt [ Cookie:bastian@ad2.adfarm1.adition.com/ ]
C:\USERS\BASTIAN\Cookies\RMNCMUO9.txt [ Cookie:bastian@xiti.com/ ]
C:\USERS\BASTIAN\Cookies\4S53CDPL.txt [ Cookie:bastian@doubleclick.net/ ]
C:\USERS\BASTIAN\Cookies\bastian@www.elitepartner[1].txt [ Cookie:bastian@www.elitepartner.de/ ]
C:\USERS\BASTIAN\Cookies\0183A2X1.txt [ Cookie:bastian@revsci.net/ ]
C:\USERS\BASTIAN\Cookies\bastian@ad.yieldmanager[1].txt [ Cookie:bastian@ad.yieldmanager.com/ ]
C:\USERS\BASTIAN\Cookies\JMPFKGL7.txt [ Cookie:bastian@im.banner.t-online.de/ ]
a.banner.t-online.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
akamai.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
cdn.eyewonder.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
cdn5.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
delivery.ibanner.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
ia.media-imdb.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
imagesrv.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
inwmedia.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
objects.tremormedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
s0.2mdn.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
secure-uk.imrworldwide.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
vht.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
www.mediamarkt.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YVTN99SZ ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.ADK2[1].TXT [ /ADS.ADK2 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@PAYPAL.112.2O7[1].TXT [ /PAYPAL.112.2O7 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@E-2DJ6WCMIEJDZSBO.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WCMIEJDZSBO.STATS.ESOMNITURE ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@STATS.LINX[2].TXT [ /STATS.LINX ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.SPORTWERK[2].TXT [ /ADS.SPORTWERK ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD.LANDWIRT[1].TXT [ /AD.LANDWIRT ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.JINKADS[1].TXT [ /ADS.JINKADS ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@NEXTAG[2].TXT [ /NEXTAG ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.MIOMEDI[1].TXT [ /ADS.MIOMEDI ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@WWW.DISCOUNT24[2].TXT [ /WWW.DISCOUNT24 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@HITBOX[2].TXT [ /HITBOX ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@COLLECTIVE-MEDIA[1].TXT [ /COLLECTIVE-MEDIA ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@KOMTRACK[3].TXT [ /KOMTRACK ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@VALUECLICK[1].TXT [ /VALUECLICK ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD.ADITION[1].TXT [ /AD.ADITION ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.KAERNTEN[1].TXT [ /ADS.KAERNTEN ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@SALES.LIVEPERSON[3].TXT [ /SALES.LIVEPERSON ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD.BEEPWORLD[2].TXT [ /AD.BEEPWORLD ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@NORDCLICK[1].TXT [ /NORDCLICK ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@GO.DYNAMIC-TRACKING[1].TXT [ /GO.DYNAMIC-TRACKING ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@POINTROLL[2].TXT [ /POINTROLL ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@MICROSOFTMACHINETRANSLATION.112.2O7[1].TXT [ /MICROSOFTMACHINETRANSLATION.112.2O7 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@TRACKMATICS[1].TXT [ /TRACKMATICS ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@STAT.ALDI[1].TXT [ /STAT.ALDI ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@MEDIABRANDSWW[1].TXT [ /MEDIABRANDSWW ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.BRANDWIRE[1].TXT [ /ADS.BRANDWIRE ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD1.CHEFKOCH[1].TXT [ /AD1.CHEFKOCH ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@LIVEPERSON[4].TXT [ /LIVEPERSON ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD.VIS[1].TXT [ /AD.VIS ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@APMEBF[1].TXT [ /APMEBF ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@STATS.UNITED-DOMAINS[2].TXT [ /STATS.UNITED-DOMAINS ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@LIVEPERSON[2].TXT [ /LIVEPERSON ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@IM.BANNER.T-ONLINE[3].TXT [ /IM.BANNER.T-ONLINE ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@HIMEDIA.INDIVIDUAD[2].TXT [ /HIMEDIA.INDIVIDUAD ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@A.REVENUEMAX[1].TXT [ /A.REVENUEMAX ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@CLICK-LICHT[1].TXT [ /CLICK-LICHT ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@CONRAD.122.2O7[1].TXT [ /CONRAD.122.2O7 ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@MEDIA.MEDHELP[1].TXT [ /MEDIA.MEDHELP ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD.ADC-SERV[2].TXT [ /AD.ADC-SERV ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@ADS.CLUBPORTAL[1].TXT [ /ADS.CLUBPORTAL ]
C:\USERS\BASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BASTIAN@AD.MAKEIT-ONLINE[1].TXT [ /AD.MAKEIT-ONLINE ]
.doubleclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.find-best-offers.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.videoegg.adbureau.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.bluestreak.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.eqtracking.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ltur.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.autoscout24.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.audiag.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adcentriconline.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
r.unicornmedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.fahrrad.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.fahrrad.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.cb.adbureau.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stat.vattenfall.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.skydeutschland.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tele2de.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.gameforge.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.nordclick.immonet.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
pw1.nordclick.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ikmultimedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.vodafonegroup.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.gostats.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
adserver.itsfogo.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ads.mikinimedia.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.libri.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.bwincom.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.shopping.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.cheaptickets.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.hansenet.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.financescout24.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
namco.missioncontrol.global-media.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.chitika.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.trafficrevenue.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.countomat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.vinvest.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.2.cqcounter.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.gameforge.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.mobildiscounter.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.mobildiscounter.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.mobildiscounter.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stats.fuchsi.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.secmedia.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.holidaycheckag.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.trackmatics.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.thomascookag.122.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.germanwings.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
user.lucidmedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stats.abmatten.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.game-advertising-online.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ad.velmedia.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.velmedia.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.sevenoneintermedia.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.advertstream.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stats.justhost.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.visit-tracker.biz [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.visit-tracker.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
trackstatsnow.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.hostgator.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
servedby.adxpower.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
servedby.adxpower.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adserver.gs [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.stepstone.112.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
primary.bannerwerbung.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.tchibo.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.elitepartner.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
banner.testberichte.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
upvalue1.easymedia-adserver.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
adserv.chirurgie-portal.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
banner.holidaycheck.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stat.aldi.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
stat.aldi.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.harrenmedianetwork.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YBO7QYY.DEFAULT\COOKIES.SQLITE ]
|
|
20.12.2011, 21:40
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7 gesperrt mit Zahlungsaufforderung Nur harmlose Cookies. Kannste aber so löschen. Was ist mit ESET?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.12.2011, 23:07
| #27 |
| | Windows7 gesperrt mit Zahlungsaufforderung ESET findet noch zwei threats. Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-19 07:30:43
# local_time=2011-12-19 08:30:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 30679247 30679247 0 0
# compatibility_mode=5893 16776573 100 94 4002 75948969 0 0
# compatibility_mode=8192 67108863 100 0 3770 3770 0 0
# scanned=164431
# found=2
# cleaned=0
# scan_time=3944
C:\Users\Bastian\AppData\Local\Mozilla\Firefox\Profiles\7ybo7qyy.default\Cache\2201F506d01 JS/Kryptik.EP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Bastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\61d520d9-134c51a1 Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 10:01:24
# local_time=2011-12-20 11:01:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 30774535 30774535 0 0
# compatibility_mode=5893 16776573 100 94 16145 76044257 0 0
# compatibility_mode=8192 67108863 100 0 99058 99058 0 0
# scanned=158737
# found=2
|
|
21.12.2011, 09:56
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7 gesperrt mit Zahlungsaufforderung Kann so gelöscht werden. Sind nur Überreste im Cache. Rechner ansonsten wieder im Lot?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2011, 10:15
| #29 |
| | Windows7 gesperrt mit Zahlungsaufforderung Ja, ich kann keine Auffälligkeiten feststellen! Heißt das wir sind hier fertig? Gruß, Mirko |
|
21.12.2011, 12:35
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7 gesperrt mit Zahlungsaufforderung Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Flashplayer Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers => Adobe - Andere Version des Adobe Flash Player installieren (Alternativ bei Chip => http://filepony.de/?q=Flash+Player) Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows7 gesperrt mit Zahlungsaufforderung |
| abgesicherte, abgesicherten, andere, anderen, angeblich, arbeit, aufforderung, bildschirm, erscheint, gefahrlos, gelingt, gesperrt, große, leisten, modus, problem, rechners, respekt, schwarzer, schwarzer bildschirm, starte, threads, windows, zahlung, ziehen, ähnliches |
Linear-Darstellung
