|
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs Trojaner - Rechnung von Pearlfection.deWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.06.2012, 20:58 | #1 | |||
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo liebe Community, ich habe ein Notebook von einem Bekannten in die Hand gedrückt bekommen, der von einem netten und für mich neue Art eines Trojaners befallen ist. Folgende Informationen habe ich von meinem Bekannten bekommen: Er hat eine E-Mail von Pearlfection.de über einen hohen 4 stelligen Betrag erhalten und hat vor schreck die Anlage geöffnet - das war eine "Rechnung" als zip Format. Nachdem er diese Rechnung geöffnet hatte wurden sämtliche Word Dateien etc. verschlüsselt und es wurde eine Textdatei erstellt auf dem Desktop mit Folgendem Inhalt: Zitat:
Ich habe erstmal alle Systemstarts deaktiviert (msconfig --> Systemstarts), alle Virenscanner deaktiviert und daraufhin einen vollen Scan mit Malwarebytes durchgeführt. (ich habe mich aus Unkenntnis mit dem Programm noch nicht getraut den Butonn "alles Löschen" zu drücken. Folgende Log habe ich erhalten: Zitat:
Zitat:
Da durchaus wichtige Daten auf dem PC sind habe ich noch keine weiteren Schritte eingeleitet. Ich bin zwar relativ Firm im Umgang mit PCs (FiSi) allerdings habe ich Angst, dass die Daten unwiederruflich zerstört sind. Könnt Ihr mich vlt auf meinen Schritten begleiten um meinen Bekannten von dem Befall zu befreien und die Daten zu behalten? Über jeden Tipp wäre ich Dankbar. Viele Grüße Thomas Hallo, habe nochmal OTL und fogger durchlaufen lassen. Fogger hat nichts gefunden. OTL.txt hat folgenden Inhalt Code:
ATTFilter OTL logfile created on: 15.06.2012 14:08:16 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free 7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2012.06.12 18:44:59 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.05.13 20:25:32 | 000,019,768 | ---- | M] (Smartbar) -- C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe PRC - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.04.23 18:00:21 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2012.04.16 01:23:59 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.12 18:44:59 | 011,742,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtWebKit4.dll MOD - [2012.06.12 18:44:59 | 008,227,560 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtGui4.dll MOD - [2012.06.12 18:44:59 | 002,554,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXmlPatterns4.dll MOD - [2012.06.12 18:44:59 | 002,430,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtDeclarative4.dll MOD - [2012.06.12 18:44:59 | 002,297,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtCore4.dll MOD - [2012.06.12 18:44:59 | 002,267,368 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlccore.dll MOD - [2012.06.12 18:44:59 | 001,298,152 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtScript4.dll MOD - [2012.06.12 18:44:59 | 000,979,176 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtNetwork4.dll MOD - [2012.06.12 18:44:59 | 000,343,784 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXml4.dll MOD - [2012.06.12 18:44:59 | 000,224,488 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qmng4.dll MOD - [2012.06.12 18:44:59 | 000,200,424 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qjpeg4.dll MOD - [2012.06.12 18:44:59 | 000,195,304 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtSql4.dll MOD - [2012.06.12 18:44:59 | 000,105,192 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlc.dll MOD - [2012.06.12 18:44:59 | 000,030,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qgif4.dll MOD - [2012.05.13 20:26:22 | 000,016,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2012.05.13 20:26:18 | 000,024,888 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2012.05.13 20:26:16 | 000,019,256 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2012.05.13 20:26:12 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2012.05.13 20:26:08 | 000,067,896 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2012.05.13 20:26:06 | 000,331,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll MOD - [2012.05.13 20:26:06 | 000,034,616 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2012.05.13 20:26:02 | 000,015,672 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2012.05.13 20:26:00 | 000,078,648 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2012.05.13 20:25:54 | 000,018,232 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2012.05.13 20:25:52 | 000,054,584 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll MOD - [2012.05.13 20:25:42 | 000,011,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2012.05.13 20:25:40 | 000,028,472 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2012.05.13 20:25:38 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2012.05.13 20:25:38 | 000,012,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2012.05.13 20:25:34 | 001,218,360 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2012.05.13 20:25:34 | 000,080,696 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2012.05.13 20:25:32 | 000,542,008 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2012.05.13 20:24:30 | 000,046,904 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\MACTrackBarLib.dll MOD - [2012.05.13 20:24:18 | 000,025,400 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\de\Smartbar.GUI.MainClient.resources.dll MOD - [2012.05.10 08:35:02 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll MOD - [2012.05.10 07:41:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll MOD - [2012.05.10 07:38:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll MOD - [2012.05.10 07:38:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll MOD - [2012.05.10 07:38:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 07:38:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012.05.10 07:38:10 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.10 07:38:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.10 07:37:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.10 07:37:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.10 07:36:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 07:36:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 07:36:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 07:36:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.03 20:20:08 | 020,101,120 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.04.02 15:36:52 | 000,910,648 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2012.04.02 15:36:50 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2012.04.02 15:36:49 | 000,145,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2010.11.18 02:28:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.03.03 23:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011.03.03 23:00:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M] [2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.06.14 18:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions [2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com [2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com [2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged [2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com [2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml [2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml [2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" File not found O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStart PC Studio] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Browser Infrastructure Helper] C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Facebook Update] C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [MediaGet2] C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.18 04:29:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook ========== Files - Modified Within 30 Days ========== [2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2012.06.15 14:04:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.06.15 14:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:34 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 18:39:34 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 18:39:34 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 18:39:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 18:39:34 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.14 18:34:08 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 18:33:41 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2012.05.18 04:29:49 | 000,001,344 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ========== Files Created - No Company Name ========== [2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== LOP Check ========== [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.03.03 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ShopperReports3 [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.14 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.14 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.06.2012 14:08:16 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free 7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10857FF3-734D-45A3-80FA-F39369D04356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{161E8734-C1CC-49AD-BD4E-735E71FF030A}" = lport=2869 | protocol=6 | dir=in | app=system | "{230DC425-49D3-404F-ABE4-307BBEE6004E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3DDAB82D-A683-4241-AAF5-58FB6D7B8BA0}" = lport=138 | protocol=17 | dir=in | app=system | "{41A3161B-8C48-4453-AD02-1F96928800BA}" = rport=10243 | protocol=6 | dir=out | app=system | "{58180E4F-3503-4B2D-BFA2-4A323A700F48}" = rport=137 | protocol=17 | dir=out | app=system | "{5FC2DFA1-60E4-436E-A573-3CB62F4E20C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{616173E2-BB5A-40B5-8715-B8E899E8944B}" = rport=138 | protocol=17 | dir=out | app=system | "{66C86EE0-2D3A-4440-AACD-5BEB8542024B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B4A0B2A-B75F-40CC-95AD-19F0483392B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6BC72F9F-8EFC-4991-989D-1085EAA06BA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{87FF08D8-1254-462F-8888-DC5D6192DE09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{99A110CA-C174-4442-B06F-F50E82C12D56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CFD2095-FE98-44EB-8993-E3764D9D1E53}" = lport=139 | protocol=6 | dir=in | app=system | "{AC16C13F-F71C-42BA-AE6A-79E0CCB5E27B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AEA86731-8348-4878-842C-869113AC646C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8E23DE0-53A5-4835-B2F8-FE7CDEDC8FA2}" = rport=139 | protocol=6 | dir=out | app=system | "{B9E5EBD9-872F-4C79-852B-620A66E62ADC}" = lport=137 | protocol=17 | dir=in | app=system | "{C111084D-C3B3-4356-9FCF-F1ABB528A8EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C61E10A9-4960-4589-8FF7-21829547AC68}" = lport=10243 | protocol=6 | dir=in | app=system | "{CD6BE791-3401-474B-AB7F-FC97D9A13BC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D9357A0B-53FC-4340-B1E8-865320AF9C2D}" = rport=445 | protocol=6 | dir=out | app=system | "{FA92B3BA-6F55-4025-BE79-B5A7909406EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FEFAAC15-9DBF-4FFA-B2AB-FD66B09D1B1D}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF1CA649-B3BD-44A4-84A6-CFC7FC5E9CEA}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090253AD-C4D0-4F79-8BFE-9F150D79839D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0B084B26-9548-471A-9A37-0C6FC1FB475A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{0DDF194E-4DA1-4252-AB3E-345112F8A67A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{153D2E66-CCFB-4867-AF6A-E47BB1024F07}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{1F586E89-AB16-4F7C-B44E-5944766FB512}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2201BD05-0B95-4C03-9CF5-BCFC92E5B055}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2B3DFD1C-48AF-46B8-B34D-175B4D37F2CC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{2DEB3814-A9A1-432C-A3C3-55F4A53237A4}" = protocol=6 | dir=in | app=d:\alicecd.exe | "{2E9D5C3D-8D1A-4C80-AD17-6CAAF26351BB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{30C41EDF-8E61-4A8A-AE9A-9D0278FE3FCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{366DA055-E4B3-4AFC-BBC9-31BCD9EB0D67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3DA502C7-D292-4187-A459-33F98AC03664}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{4894F62B-2D64-4D39-AFF3-729623A69DF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{48E38844-3920-40B9-A5A9-23E4205D0006}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4CDB7983-D6E1-4779-898D-02FF7A90D2F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F8F5732-361F-450B-AEEA-6B370D7187E5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{55AF4410-BF1B-4808-88FE-D594A0FF9AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{57704688-837F-40C5-B443-872D98A16714}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{5C397009-3C9F-4251-A9C3-A79E9D58DBDF}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "{692C4C03-65A6-4D72-92FD-9C13F2F4F5C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6C9ED932-089E-4C5E-917C-263D09B0D181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{73F8A36B-479B-4F36-A1BC-7F5FEBE31B28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{74EA4FC4-773A-4831-A322-BD6CA06EBC02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7909F012-F88B-4D59-8AA5-8E73869C202B}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{800465BA-73D0-446E-93ED-133F331606F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{87207D77-187C-4EE5-8663-B328072A40AA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8806DA4F-A918-4590-8DC7-E97F222B0456}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{89282F1B-BDE9-4D13-A4FD-7CFEC92BDEE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{8947E538-D856-4512-B18A-692A75AC0389}" = dir=in | app=c:\users\christian\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{9798C755-AAB4-42A8-878F-36C19447B809}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB03E752-067D-48CF-A59C-4F91299D6475}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "{AE010753-FBBE-43B1-9179-0603B15797FF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{B5B506DD-0D67-4843-98C1-4034D3FE1432}" = protocol=6 | dir=out | app=system | "{BB324F12-C9EC-42BA-8DD1-77A9931FD381}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C4D526F8-75EE-486D-B942-A11F6F7CD3D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C5BBE7EA-A202-4D5A-A458-F02EA18E1245}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CFD5122F-7121-4863-8905-F423BC8F7F76}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{D0E60950-D502-4CEB-A84E-1563155E4304}" = protocol=17 | dir=in | app=d:\alicecd.exe | "{DBD6C013-E052-461F-ACD9-6E7D5C91FD9F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DCD63F58-6E99-4014-BD65-B8F3BFC5FDA6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DF0336BC-1153-408F-B4E6-345442BD020E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E3C23806-6BC8-4BCA-9D15-327C8FA69E1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E4CF0C95-001C-4EA0-834D-80C11CA996DC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{E8682BBF-184A-42D8-8573-3FFDC7A4BB63}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E8D1073A-56E5-4F18-A34A-963726A2120D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EA76791D-002D-46E5-9D9F-3850C58FBC4E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F02FA7F2-4E09-45D6-80F1-54D46C8D96B6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{F67EFDD9-C325-4067-A362-5B6FCA3F8F7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{234E8396-93FA-4BF1-8B3D-270061E8BDCC}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | "TCP Query User{28E3FF6F-74C9-4839-8AE5-A6E87F819A09}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "TCP Query User{4AC42749-0AC4-4DC2-A0A1-B7DE46DCCEF1}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "TCP Query User{C83B91B6-97AB-46B6-8D6A-93894832314C}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "TCP Query User{FB14F227-49F0-45C0-8C10-EC7D3F62614B}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | "UDP Query User{0F366AE5-565D-43FB-B896-D85278CA9BBB}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "UDP Query User{1D42D6AC-F9E1-47BF-900A-8DDCCBDA1550}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "UDP Query User{9B03173A-004B-4685-B427-337D54AD2417}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | "UDP Query User{C119244D-71C4-4C16-A51A-305E4164DF0E}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | "UDP Query User{E8076A75-6353-4A55-ABC5-6073913403AE}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{29D90A83-171E-4A78-B6DC-66B76FE52A2C}_is1" = ixPlayer 2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F1DE10B0-51C2-417F-A3EC-0B443243F1A1}" = Nitro Reader 2 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2523DCE9-47C5-14E5-F315-496B75316B45}" = Zoosk Messenger "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver "{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy "{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{70D3EBFD-C613-49DB-A444-A4BD720DE1E9}" = Linkury Smartbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Canon RAW Codec" = Canon RAW Codec "ClickPotatoLiteSA" = ClickPotato "com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "GPL Ghostscript 9.04" = GPL Ghostscript "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA-Treiber "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "NVIDIA.Updatus" = NVIDIA Updatus "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Picture Style Editor" = Canon Utilities Picture Style Editor "Simfy" = simfy "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "Xvid_is1" = Xvid 1.2.1 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "MediaGet" = Der Torrent-Client MediaGet "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.05.2012 04:05:13 | Computer Name = Christian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168, Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0, Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften Prozesses: 0x1914 Startzeit der fehlerhaften Anwendung: 0x01cd32715e72ee82 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll Berichtskennung: b22cfff5-9e64-11e1-bfcc-1c7508346bc0 Error - 15.05.2012 04:42:01 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023 Description = Error - 15.05.2012 04:42:02 | Computer Name = Christian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168, Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0, Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften Prozesses: 0x24dc Startzeit der fehlerhaften Anwendung: 0x01cd327553aa5bdf Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll Berichtskennung: d719a000-9e69-11e1-bfcc-1c7508346bc0 Error - 16.05.2012 13:12:04 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023 Description = Error - 16.05.2012 13:12:06 | Computer Name = Christian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168, Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0, Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften Prozesses: 0x2624 Startzeit der fehlerhaften Anwendung: 0x01cd333c737b8224 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll Berichtskennung: 42a5b1bb-9f7a-11e1-bfcc-1c7508346bc0 Error - 17.05.2012 05:25:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.05.2012 06:42:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.05.2012 06:45:02 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.05.2012 06:09:55 | Computer Name = Christian-PC | Source = Application Hang | ID = 1002 Description = Programm spotify.exe, Version 0.8.3.222 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit: 01cd2f3c79abc8fe Endzeit: 921 Anwendungspfad: C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe Berichts-ID: e6111019-a263-11e1-bfcc-1c7508346bc0 Error - 20.05.2012 10:38:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 20.05.2012 10:40:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 11.02.2012 07:00:42 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 12:00:41 - Fehler beim Herstellen der Internetverbindung. 12:00:41 - Serververbindung konnte nicht hergestellt werden.. Error - 11.02.2012 07:00:47 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 12:00:47 - Fehler beim Herstellen der Internetverbindung. 12:00:47 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2012 16:08:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 21:08:38 - Fehler beim Herstellen der Internetverbindung. 21:08:38 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2012 16:08:48 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 21:08:43 - Fehler beim Herstellen der Internetverbindung. 21:08:43 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2012 17:25:56 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 22:25:56 - Fehler beim Herstellen der Internetverbindung. 22:25:56 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2012 17:26:03 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 22:26:01 - Fehler beim Herstellen der Internetverbindung. 22:26:01 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2012 18:26:11 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 23:26:11 - Fehler beim Herstellen der Internetverbindung. 23:26:11 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2012 18:26:18 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 23:26:16 - Fehler beim Herstellen der Internetverbindung. 23:26:16 - Serververbindung konnte nicht hergestellt werden.. Error - 07.03.2012 18:12:02 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 23:12:02 - Fehler beim Herstellen der Internetverbindung. 23:12:02 - Serververbindung konnte nicht hergestellt werden.. Error - 07.03.2012 18:12:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 23:12:07 - Fehler beim Herstellen der Internetverbindung. 23:12:07 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 11.06.2012 12:42:59 | Computer Name = Christian-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 904. Error - 11.06.2012 17:59:26 | Computer Name = Christian-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 904. Error - 12.06.2012 12:49:33 | Computer Name = Christian-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?06.?2012 um 18:47:09 unerwartet heruntergefahren. Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SSDP-Suche erreicht. Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.06.2012 12:54:19 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Hier das Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.15.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 15.06.2012 14:23:53 mbam-log-2012-06-15 (14-23-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410692 Laufzeit: 57 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 28 HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDic (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDisp (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0 (Adware.HotBar) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790777B076545430AB92 (Malware.Trace) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ClickPotatoLiteSA (Adware.ClickPotato) -> Daten: "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Daten: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 19 C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 20 C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Local\Temp\zodqtnwyxy.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ea180e3de878d9408249c1c91e8db8e3 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-15 03:57:42 # local_time=2012-06-15 05:57:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 12937568 12937568 0 0 # compatibility_mode=5893 16776573 100 94 1355 91400456 0 0 # compatibility_mode=8192 67108863 100 0 151 151 0 0 # scanned=192671 # found=9 # cleaned=0 # scan_time=5256 C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\Christian\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\f54e34b.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I Anscheinend hat mein Bekannter den Verschlüsselungstrojaner 2.00.11 - Die eMail stimmt nahezu überein, die Textdatei auf dem Desktop ebenfalls und die Dateien sind augenscheinlich nicht umbenannt worden. - Hoffe das hilft weiter //diesmal habe ich den "edit" Button gefunden - anderer Post war wohl zu alt :/ Viele Grüße Thomas |
18.06.2012, 11:58 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.
__________________Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ |
18.06.2012, 13:55 | #3 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne,
__________________erst mal danke, dass du mir bei dem Thema helfen willst! --> Gerade gemerkt, dass ich einen Schritt vergessen habe - Asche auf mein Haupt.... // habs nun aktualisiert angehängt! Anbei ein neuer OTL Log OTL Log Code:
ATTFilter OTL logfile created on: 18.06.2012 15:14:45 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,95% Memory free 7,36 Gb Paging File | 5,67 Gb Available in Paging File | 77,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 322,72 Gb Free Space | 71,29% Space Free | Partition Type: NTFS Drive F: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,46% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M] [2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.06.15 16:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions [2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com [2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com [2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged [2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com [2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml [2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml [2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AutoStart PC Studio - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig:64bit - StartUpReg: MediaGet2 - hkey= - key= - C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging [2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging [2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snapshot [2012.06.16 11:12:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com [2012.06.16 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.16 11:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer [2012.06.15 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.15 16:14:58 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012.06.18 15:02:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 14:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 14:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 14:36:46 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 14:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 14:35:45 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012.06.16 22:29:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.06.16 13:52:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.16 13:52:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.16 13:52:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.16 13:52:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.16 13:52:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.16 13:51:24 | 000,001,889 | ---- | M] () -- C:\Users\Christian\Desktop\Snapshot.lnk [2012.06.16 11:12:40 | 000,001,889 | ---- | M] () -- C:\Users\Christian\Desktop\ShadowExplorer.lnk [2012.06.15 14:18:56 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk ========== Files Created - No Company Name ========== [2012.06.16 13:51:24 | 000,001,889 | ---- | C] () -- C:\Users\Christian\Desktop\Snapshot.lnk [2012.06.16 11:12:40 | 000,001,889 | ---- | C] () -- C:\Users\Christian\Desktop\ShadowExplorer.lnk [2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== LOP Check ========== [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.17 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.15 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.16 11:12:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com [2012.06.15 14:18:56 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.16 22:29:05 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.02.13 13:11:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe [2012.04.23 16:39:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer [2012.01.17 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Avira [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.02.25 22:03:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.02.25 19:53:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities [2011.02.25 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Intel Corporation [2011.02.25 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia [2012.06.14 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.04.23 18:43:32 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft [2011.02.27 00:33:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.17 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.15 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.16 11:12:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com < %APPDATA%\*.exe /s > [2011.07.09 01:13:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.03.22 16:04:25 | 003,325,832 | ---- | M] (Ask) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe [2012.04.02 15:18:59 | 006,263,712 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\OpenCandy\74F05C1722094B5D854DD3F62F8CBD9C\LinkuryInstallerCHCB_p1v13.exe [2012.04.24 00:03:17 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe [2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe [2012.04.23 23:26:13 | 000,069,632 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe [2012.04.23 17:55:03 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Christian\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe [2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys [2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Thomas Geändert von sportsocke (18.06.2012 um 14:28 Uhr) |
18.06.2012, 14:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - user.js - File not found [2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com [2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com [2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged [2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com [2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml [2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml [2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml [2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) :Files C:\Program Files (x86)\Ask.com C:\Program Files (x86)\Common Files\Spigot C:\Program Files (x86)\pdfforge Toolbar C:\Users\Christian\AppData\Roaming\Babylon C:\Program Files (x86)\BabylonToolbar C:\Users\Christian\AppData\Local\Babylon C:\Program Files (x86)\Application Updater :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2012, 15:11 | #5 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, ist alles so eingetreten wie du sagtest - anbei das Log aus der nach dem Reboot geöffneten Log datei: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Yahoo" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "chr-greentree_ff&ilc=12&type=827316" removed from browser.search.param.yahoo-fr Prefs.js: "Yahoo" removed from browser.search.selectedEngine Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" removed from browser.startup.homepage Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems Prefs.js: ShopperReports@ShopperReports.com:3.0.517.0 removed from extensions.enabledItems Prefs.js: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 removed from extensions.enabledItems Prefs.js: toolbar@ask.com:3.14.1.100009 removed from extensions.enabledItems Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledItems C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\components folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\components folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome\images folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\logs folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\datastore folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-11-Jan-2012-14-05-20-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Mar-2011-13-47-07-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-22-Mar-2011-22-02-37-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-15-Mar-2011-13-42-30-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-07-Jul-2011-22-36-04-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-09-Oct-2011-05-30-17-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-17-Sep-2011-15-22-43-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-14-Nov-2011-11-40-27-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-08-Jul-2011-08-03-26-GMT folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com folder moved successfully. C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml moved successfully. C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml moved successfully. C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully. C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully. File C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully. C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ApnUpdater\ not found. ========== FILES ========== C:\Program Files (x86)\Ask.com\Updater folder moved successfully. C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully. C:\Program Files (x86)\Ask.com\assets folder moved successfully. C:\Program Files (x86)\Ask.com folder moved successfully. C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully. C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files (x86)\Common Files\Spigot folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar\IE\5.8 folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully. C:\Program Files (x86)\pdfforge Toolbar folder moved successfully. C:\Users\Christian\AppData\Roaming\Babylon folder moved successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh folder moved successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10 folder moved successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully. C:\Program Files (x86)\BabylonToolbar folder moved successfully. C:\Users\Christian\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully. C:\Users\Christian\AppData\Local\Babylon\Setup folder moved successfully. C:\Users\Christian\AppData\Local\Babylon folder moved successfully. C:\Program Files (x86)\Application Updater folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Christian ->Temp folder emptied: 674226738 bytes ->Temporary Internet Files folder emptied: 272121877 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 122105985 bytes ->Google Chrome cache emptied: 24190719 bytes ->Flash cache emptied: 214234 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 477020412 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes RecycleBin emptied: 795048465 bytes Total Files Cleaned = 2.256,00 mb [EMPTYFLASH] User: All Users User: Christian ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.48.0 log created on 06182012_160245 Files\Folders moved on Reboot... C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot... Viele Grüße Thomas |
18.06.2012, 20:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ --> Verschlüsselungs Trojaner - Rechnung von Pearlfection.de |
19.06.2012, 14:05 | #7 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, anbei das Log vom TDSS Killer - 2 Sachen wurden gefunden: Code:
ATTFilter 15:01:08.0439 2924 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 15:01:08.0455 2924 ============================================================ 15:01:08.0455 2924 Current date / time: 2012/06/19 15:01:08.0455 15:01:08.0455 2924 SystemInfo: 15:01:08.0455 2924 15:01:08.0455 2924 OS Version: 6.1.7601 ServicePack: 1.0 15:01:08.0455 2924 Product type: Workstation 15:01:08.0455 2924 ComputerName: CHRISTIAN-PC 15:01:08.0455 2924 UserName: Christian 15:01:08.0455 2924 Windows directory: C:\Windows 15:01:08.0455 2924 System windows directory: C:\Windows 15:01:08.0455 2924 Running under WOW64 15:01:08.0455 2924 Processor architecture: Intel x64 15:01:08.0455 2924 Number of processors: 4 15:01:08.0455 2924 Page size: 0x1000 15:01:08.0455 2924 Boot type: Normal boot 15:01:08.0455 2924 ============================================================ 15:01:09.0999 2924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:01:09.0999 2924 Drive \Device\Harddisk1\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:01:09.0999 2924 ============================================================ 15:01:09.0999 2924 \Device\Harddisk0\DR0: 15:01:09.0999 2924 MBR partitions: 15:01:09.0999 2924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 15:01:09.0999 2924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000 15:01:09.0999 2924 \Device\Harddisk1\DR1: 15:01:09.0999 2924 MBR partitions: 15:01:09.0999 2924 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x3BA080 15:01:09.0999 2924 ============================================================ 15:01:10.0030 2924 C: <-> \Device\Harddisk0\DR0\Partition1 15:01:10.0030 2924 ============================================================ 15:01:10.0030 2924 Initialize success 15:01:10.0030 2924 ============================================================ 15:01:35.0786 2172 ============================================================ 15:01:35.0786 2172 Scan started 15:01:35.0786 2172 Mode: Manual; SigCheck; TDLFS; 15:01:35.0786 2172 ============================================================ 15:01:36.0301 2172 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 15:01:36.0425 2172 1394ohci - ok 15:01:36.0503 2172 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 15:01:36.0535 2172 ACPI - ok 15:01:36.0597 2172 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 15:01:36.0691 2172 AcpiPmi - ok 15:01:36.0831 2172 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:01:36.0847 2172 AdobeARMservice - ok 15:01:36.0925 2172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 15:01:36.0940 2172 adp94xx - ok 15:01:37.0003 2172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 15:01:37.0018 2172 adpahci - ok 15:01:37.0049 2172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 15:01:37.0049 2172 adpu320 - ok 15:01:37.0096 2172 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 15:01:37.0237 2172 AeLookupSvc - ok 15:01:37.0315 2172 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 15:01:37.0377 2172 AFD - ok 15:01:37.0424 2172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 15:01:37.0439 2172 agp440 - ok 15:01:37.0471 2172 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 15:01:37.0689 2172 ALG - ok 15:01:37.0783 2172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 15:01:37.0783 2172 aliide - ok 15:01:37.0814 2172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 15:01:37.0829 2172 amdide - ok 15:01:37.0845 2172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 15:01:37.0907 2172 AmdK8 - ok 15:01:37.0939 2172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 15:01:38.0001 2172 AmdPPM - ok 15:01:38.0048 2172 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 15:01:38.0063 2172 amdsata - ok 15:01:38.0095 2172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 15:01:38.0110 2172 amdsbs - ok 15:01:38.0141 2172 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 15:01:38.0141 2172 amdxata - ok 15:01:38.0251 2172 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:01:38.0266 2172 AntiVirSchedulerService - ok 15:01:38.0297 2172 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:01:38.0313 2172 AntiVirService - ok 15:01:38.0375 2172 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 15:01:38.0500 2172 AppID - ok 15:01:38.0516 2172 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 15:01:38.0625 2172 AppIDSvc - ok 15:01:38.0687 2172 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 15:01:38.0750 2172 Appinfo - ok 15:01:38.0781 2172 Application Updater - ok 15:01:38.0812 2172 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 15:01:38.0828 2172 arc - ok 15:01:38.0843 2172 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 15:01:38.0859 2172 arcsas - ok 15:01:38.0890 2172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 15:01:38.0968 2172 AsyncMac - ok 15:01:39.0015 2172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 15:01:39.0015 2172 atapi - ok 15:01:39.0093 2172 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 15:01:39.0171 2172 AudioEndpointBuilder - ok 15:01:39.0171 2172 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 15:01:39.0233 2172 AudioSrv - ok 15:01:39.0280 2172 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 15:01:39.0311 2172 avgntflt - ok 15:01:39.0343 2172 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 15:01:39.0358 2172 avipbb - ok 15:01:39.0389 2172 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 15:01:39.0405 2172 avkmgr - ok 15:01:39.0467 2172 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 15:01:39.0561 2172 AxInstSV - ok 15:01:39.0623 2172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 15:01:39.0701 2172 b06bdrv - ok 15:01:39.0748 2172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 15:01:39.0779 2172 b57nd60a - ok 15:01:39.0951 2172 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 15:01:39.0967 2172 BBSvc - ok 15:01:40.0013 2172 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 15:01:40.0029 2172 BBUpdate - ok 15:01:40.0216 2172 BCM43XX (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys 15:01:40.0310 2172 BCM43XX - ok 15:01:40.0419 2172 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 15:01:40.0466 2172 BDESVC - ok 15:01:40.0544 2172 bdfsfltr (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys 15:01:40.0575 2172 bdfsfltr - ok 15:01:40.0606 2172 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 15:01:40.0684 2172 Beep - ok 15:01:40.0778 2172 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 15:01:40.0840 2172 BFE - ok 15:01:40.0918 2172 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 15:01:40.0996 2172 BITS - ok 15:01:41.0059 2172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 15:01:41.0090 2172 blbdrive - ok 15:01:41.0121 2172 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 15:01:41.0183 2172 bowser - ok 15:01:41.0215 2172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:01:41.0308 2172 BrFiltLo - ok 15:01:41.0339 2172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:01:41.0386 2172 BrFiltUp - ok 15:01:41.0417 2172 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 15:01:41.0480 2172 Browser - ok 15:01:41.0511 2172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 15:01:41.0589 2172 Brserid - ok 15:01:41.0620 2172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 15:01:41.0651 2172 BrSerWdm - ok 15:01:41.0683 2172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:01:41.0714 2172 BrUsbMdm - ok 15:01:41.0745 2172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 15:01:41.0776 2172 BrUsbSer - ok 15:01:41.0792 2172 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 15:01:41.0823 2172 BTHMODEM - ok 15:01:41.0870 2172 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 15:01:41.0932 2172 bthserv - ok 15:01:41.0963 2172 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 15:01:42.0026 2172 cdfs - ok 15:01:42.0073 2172 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 15:01:42.0104 2172 cdrom - ok 15:01:42.0166 2172 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:01:42.0229 2172 CertPropSvc - ok 15:01:42.0275 2172 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 15:01:42.0307 2172 circlass - ok 15:01:42.0353 2172 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 15:01:42.0369 2172 CLFS - ok 15:01:42.0431 2172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:01:42.0447 2172 clr_optimization_v2.0.50727_32 - ok 15:01:42.0478 2172 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:01:42.0478 2172 clr_optimization_v2.0.50727_64 - ok 15:01:42.0556 2172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:01:42.0572 2172 clr_optimization_v4.0.30319_32 - ok 15:01:42.0603 2172 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:01:42.0619 2172 clr_optimization_v4.0.30319_64 - ok 15:01:42.0634 2172 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 15:01:42.0665 2172 CmBatt - ok 15:01:42.0697 2172 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 15:01:42.0712 2172 cmdide - ok 15:01:42.0759 2172 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 15:01:42.0790 2172 CNG - ok 15:01:42.0821 2172 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 15:01:42.0837 2172 Compbatt - ok 15:01:42.0884 2172 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 15:01:42.0931 2172 CompositeBus - ok 15:01:42.0946 2172 COMSysApp - ok 15:01:42.0977 2172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 15:01:42.0993 2172 crcdisk - ok 15:01:43.0055 2172 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 15:01:43.0087 2172 CryptSvc - ok 15:01:43.0243 2172 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 15:01:43.0274 2172 cvhsvc - ok 15:01:43.0352 2172 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:01:43.0414 2172 DcomLaunch - ok 15:01:43.0461 2172 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 15:01:43.0523 2172 defragsvc - ok 15:01:43.0617 2172 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 15:01:43.0664 2172 DfsC - ok 15:01:43.0742 2172 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 15:01:43.0820 2172 Dhcp - ok 15:01:43.0851 2172 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 15:01:43.0898 2172 discache - ok 15:01:43.0929 2172 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 15:01:43.0945 2172 Disk - ok 15:01:43.0976 2172 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 15:01:44.0038 2172 Dnscache - ok 15:01:44.0085 2172 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 15:01:44.0132 2172 dot3svc - ok 15:01:44.0179 2172 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 15:01:44.0241 2172 DPS - ok 15:01:44.0257 2172 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 15:01:44.0303 2172 drmkaud - ok 15:01:44.0381 2172 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 15:01:44.0397 2172 DsiWMIService - ok 15:01:44.0475 2172 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 15:01:44.0491 2172 DXGKrnl - ok 15:01:44.0537 2172 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 15:01:44.0600 2172 EapHost - ok 15:01:44.0756 2172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 15:01:44.0834 2172 ebdrv - ok 15:01:44.0959 2172 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 15:01:45.0005 2172 EFS - ok 15:01:45.0115 2172 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 15:01:45.0177 2172 ehRecvr - ok 15:01:45.0208 2172 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 15:01:45.0271 2172 ehSched - ok 15:01:45.0349 2172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 15:01:45.0380 2172 elxstor - ok 15:01:45.0489 2172 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 15:01:45.0505 2172 ePowerSvc - ok 15:01:45.0598 2172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 15:01:45.0629 2172 ErrDev - ok 15:01:45.0676 2172 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys 15:01:45.0692 2172 ETD - ok 15:01:45.0739 2172 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 15:01:45.0801 2172 EventSystem - ok 15:01:45.0817 2172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 15:01:45.0879 2172 exfat - ok 15:01:45.0910 2172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 15:01:45.0973 2172 fastfat - ok 15:01:46.0051 2172 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 15:01:46.0129 2172 Fax - ok 15:01:46.0160 2172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 15:01:46.0207 2172 fdc - ok 15:01:46.0238 2172 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 15:01:46.0300 2172 fdPHost - ok 15:01:46.0331 2172 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 15:01:46.0394 2172 FDResPub - ok 15:01:46.0425 2172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 15:01:46.0441 2172 FileInfo - ok 15:01:46.0456 2172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 15:01:46.0519 2172 Filetrace - ok 15:01:46.0597 2172 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 15:01:46.0628 2172 FLEXnet Licensing Service - ok 15:01:46.0628 2172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 15:01:46.0675 2172 flpydisk - ok 15:01:46.0721 2172 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 15:01:46.0737 2172 FltMgr - ok 15:01:46.0799 2172 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 15:01:46.0862 2172 FontCache - ok 15:01:46.0940 2172 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:01:46.0955 2172 FontCache3.0.0.0 - ok 15:01:47.0002 2172 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 15:01:47.0018 2172 FsDepends - ok 15:01:47.0065 2172 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 15:01:47.0065 2172 Fs_Rec - ok 15:01:47.0127 2172 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 15:01:47.0143 2172 fvevol - ok 15:01:47.0174 2172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:01:47.0174 2172 gagp30kx - ok 15:01:47.0252 2172 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 15:01:47.0314 2172 gpsvc - ok 15:01:47.0392 2172 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 15:01:47.0408 2172 GREGService - ok 15:01:47.0470 2172 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:01:47.0486 2172 gupdate - ok 15:01:47.0501 2172 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:01:47.0501 2172 gupdatem - ok 15:01:47.0533 2172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 15:01:47.0595 2172 hcw85cir - ok 15:01:47.0642 2172 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 15:01:47.0673 2172 HdAudAddService - ok 15:01:47.0720 2172 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 15:01:47.0751 2172 HDAudBus - ok 15:01:47.0798 2172 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 15:01:47.0813 2172 HECIx64 - ok 15:01:47.0829 2172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 15:01:47.0860 2172 HidBatt - ok 15:01:47.0891 2172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 15:01:47.0923 2172 HidBth - ok 15:01:47.0954 2172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 15:01:47.0985 2172 HidIr - ok 15:01:48.0032 2172 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 15:01:48.0079 2172 hidserv - ok 15:01:48.0141 2172 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 15:01:48.0157 2172 HidUsb - ok 15:01:48.0188 2172 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 15:01:48.0250 2172 hkmsvc - ok 15:01:48.0297 2172 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 15:01:48.0359 2172 HomeGroupListener - ok 15:01:48.0406 2172 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 15:01:48.0437 2172 HomeGroupProvider - ok 15:01:48.0484 2172 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 15:01:48.0484 2172 HpSAMD - ok 15:01:48.0578 2172 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 15:01:48.0640 2172 HTTP - ok 15:01:48.0703 2172 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 15:01:48.0703 2172 hwpolicy - ok 15:01:48.0734 2172 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 15:01:48.0749 2172 i8042prt - ok 15:01:48.0796 2172 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys 15:01:48.0812 2172 iaStor - ok 15:01:48.0890 2172 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:01:48.0905 2172 IAStorDataMgrSvc - ok 15:01:48.0968 2172 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 15:01:48.0983 2172 iaStorV - ok 15:01:49.0108 2172 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:01:49.0139 2172 idsvc - ok 15:01:49.0545 2172 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 15:01:49.0873 2172 igfx - ok 15:01:49.0966 2172 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 15:01:49.0982 2172 iirsp - ok 15:01:50.0060 2172 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 15:01:50.0122 2172 IKEEXT - ok 15:01:50.0169 2172 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 15:01:50.0231 2172 Impcd - ok 15:01:50.0372 2172 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys 15:01:50.0434 2172 IntcAzAudAddService - ok 15:01:50.0575 2172 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys 15:01:50.0637 2172 IntcDAud - ok 15:01:50.0668 2172 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 15:01:50.0684 2172 intelide - ok 15:01:50.0715 2172 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:01:50.0746 2172 intelppm - ok 15:01:50.0793 2172 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 15:01:50.0840 2172 IPBusEnum - ok 15:01:50.0871 2172 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:01:50.0933 2172 IpFilterDriver - ok 15:01:50.0996 2172 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 15:01:51.0058 2172 iphlpsvc - ok 15:01:51.0089 2172 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 15:01:51.0136 2172 IPMIDRV - ok 15:01:51.0167 2172 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:01:51.0214 2172 IPNAT - ok 15:01:51.0261 2172 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:01:51.0339 2172 IRENUM - ok 15:01:51.0355 2172 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 15:01:51.0370 2172 isapnp - ok 15:01:51.0417 2172 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 15:01:51.0433 2172 iScsiPrt - ok 15:01:51.0511 2172 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys 15:01:51.0526 2172 k57nd60a - ok 15:01:51.0573 2172 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 15:01:51.0589 2172 kbdclass - ok 15:01:51.0620 2172 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 15:01:51.0651 2172 kbdhid - ok 15:01:51.0682 2172 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:01:51.0698 2172 KeyIso - ok 15:01:51.0713 2172 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 15:01:51.0729 2172 KSecDD - ok 15:01:51.0745 2172 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 15:01:51.0760 2172 KSecPkg - ok 15:01:51.0791 2172 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:01:51.0854 2172 ksthunk - ok 15:01:51.0885 2172 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 15:01:51.0932 2172 KtmRm - ok 15:01:51.0994 2172 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 15:01:52.0057 2172 LanmanServer - ok 15:01:52.0088 2172 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 15:01:52.0135 2172 LanmanWorkstation - ok 15:01:52.0166 2172 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:01:52.0244 2172 lltdio - ok 15:01:52.0291 2172 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 15:01:52.0337 2172 lltdsvc - ok 15:01:52.0369 2172 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 15:01:52.0431 2172 lmhosts - ok 15:01:52.0509 2172 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:01:52.0540 2172 LMS - ok 15:01:52.0587 2172 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:01:52.0603 2172 LSI_FC - ok 15:01:52.0603 2172 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:01:52.0618 2172 LSI_SAS - ok 15:01:52.0634 2172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:01:52.0649 2172 LSI_SAS2 - ok 15:01:52.0681 2172 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:01:52.0681 2172 LSI_SCSI - ok 15:01:52.0712 2172 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:01:52.0759 2172 luafv - ok 15:01:52.0821 2172 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 15:01:52.0837 2172 MBAMProtector - ok 15:01:52.0915 2172 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:01:52.0946 2172 MBAMService - ok 15:01:52.0993 2172 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 15:01:53.0024 2172 McComponentHostService - ok 15:01:53.0039 2172 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 15:01:53.0086 2172 Mcx2Svc - ok 15:01:53.0117 2172 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 15:01:53.0133 2172 megasas - ok 15:01:53.0164 2172 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 15:01:53.0180 2172 MegaSR - ok 15:01:53.0211 2172 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:01:53.0273 2172 MMCSS - ok 15:01:53.0289 2172 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:01:53.0351 2172 Modem - ok 15:01:53.0398 2172 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:01:53.0429 2172 monitor - ok 15:01:53.0476 2172 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 15:01:53.0492 2172 mouclass - ok 15:01:53.0523 2172 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:01:53.0539 2172 mouhid - ok 15:01:53.0570 2172 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 15:01:53.0585 2172 mountmgr - ok 15:01:53.0632 2172 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 15:01:53.0632 2172 mpio - ok 15:01:53.0663 2172 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:01:53.0710 2172 mpsdrv - ok 15:01:53.0788 2172 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 15:01:53.0866 2172 MpsSvc - ok 15:01:53.0929 2172 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 15:01:53.0975 2172 MRxDAV - ok 15:01:54.0007 2172 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:01:54.0038 2172 mrxsmb - ok 15:01:54.0069 2172 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:01:54.0116 2172 mrxsmb10 - ok 15:01:54.0147 2172 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:01:54.0163 2172 mrxsmb20 - ok 15:01:54.0209 2172 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 15:01:54.0209 2172 msahci - ok 15:01:54.0241 2172 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 15:01:54.0256 2172 msdsm - ok 15:01:54.0287 2172 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 15:01:54.0303 2172 MSDTC - ok 15:01:54.0350 2172 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:01:54.0381 2172 Msfs - ok 15:01:54.0397 2172 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:01:54.0443 2172 mshidkmdf - ok 15:01:54.0475 2172 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 15:01:54.0490 2172 msisadrv - ok 15:01:54.0537 2172 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 15:01:54.0599 2172 MSiSCSI - ok 15:01:54.0599 2172 msiserver - ok 15:01:54.0631 2172 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:01:54.0693 2172 MSKSSRV - ok 15:01:54.0724 2172 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:01:54.0755 2172 MSPCLOCK - ok 15:01:54.0771 2172 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:01:54.0849 2172 MSPQM - ok 15:01:54.0896 2172 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 15:01:54.0911 2172 MsRPC - ok 15:01:54.0943 2172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 15:01:54.0958 2172 mssmbios - ok 15:01:54.0989 2172 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:01:55.0052 2172 MSTEE - ok 15:01:55.0083 2172 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:01:55.0114 2172 MTConfig - ok 15:01:55.0145 2172 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:01:55.0161 2172 Mup - ok 15:01:55.0192 2172 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 15:01:55.0208 2172 mwlPSDFilter - ok 15:01:55.0223 2172 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 15:01:55.0239 2172 mwlPSDNServ - ok 15:01:55.0255 2172 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 15:01:55.0270 2172 mwlPSDVDisk - ok 15:01:55.0348 2172 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 15:01:55.0364 2172 MWLService - ok 15:01:55.0411 2172 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 15:01:55.0489 2172 napagent - ok 15:01:55.0535 2172 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:01:55.0582 2172 NativeWifiP - ok 15:01:55.0645 2172 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 15:01:55.0660 2172 NDIS - ok 15:01:55.0707 2172 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:01:55.0738 2172 NdisCap - ok 15:01:55.0769 2172 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:01:55.0832 2172 NdisTapi - ok 15:01:55.0879 2172 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 15:01:55.0925 2172 Ndisuio - ok 15:01:55.0972 2172 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 15:01:56.0003 2172 NdisWan - ok 15:01:56.0050 2172 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 15:01:56.0097 2172 NDProxy - ok 15:01:56.0128 2172 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:01:56.0206 2172 NetBIOS - ok 15:01:56.0253 2172 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 15:01:56.0331 2172 NetBT - ok 15:01:56.0362 2172 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:01:56.0378 2172 Netlogon - ok 15:01:56.0425 2172 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:01:56.0471 2172 Netman - ok 15:01:56.0518 2172 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:01:56.0565 2172 netprofm - ok 15:01:56.0643 2172 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:01:56.0643 2172 NetTcpPortSharing - ok 15:01:56.0674 2172 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:01:56.0690 2172 nfrd960 - ok 15:01:56.0799 2172 NitroReaderDriverReadSpool2 (12d44fd546e32a4201cf3daaf5298ac2) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe 15:01:56.0815 2172 NitroReaderDriverReadSpool2 - ok 15:01:56.0877 2172 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 15:01:56.0939 2172 NlaSvc - ok 15:01:57.0205 2172 NOBU (f5f03fabef7df53a1c78ee6cd8e7ae41) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 15:01:57.0283 2172 NOBU - ok 15:01:57.0376 2172 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:01:57.0423 2172 Npfs - ok 15:01:57.0454 2172 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:01:57.0485 2172 nsi - ok 15:01:57.0501 2172 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:01:57.0563 2172 nsiproxy - ok 15:01:57.0641 2172 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 15:01:57.0688 2172 Ntfs - ok 15:01:57.0782 2172 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 15:01:57.0782 2172 NTI IScheduleSvc - ok 15:01:57.0875 2172 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 15:01:57.0891 2172 NTIDrvr - ok 15:01:57.0891 2172 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:01:57.0969 2172 Null - ok 15:01:58.0484 2172 nvlddmkm (5c3416c9f61809bbdffe6fac0c252520) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:01:58.0858 2172 nvlddmkm - ok 15:01:58.0983 2172 nvpciflt (10ea8a8bb2978c510f5892fcce62b00d) C:\Windows\system32\DRIVERS\nvpciflt.sys 15:01:58.0999 2172 nvpciflt - ok 15:01:59.0045 2172 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 15:01:59.0061 2172 nvraid - ok 15:01:59.0077 2172 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 15:01:59.0092 2172 nvstor - ok 15:01:59.0139 2172 nvsvc (d9617ef20708dcee76828865122b560f) C:\Windows\system32\nvvsvc.exe 15:01:59.0155 2172 nvsvc - ok 15:01:59.0279 2172 nvUpdatusService (2848e9b51c7a5d3efad44de9834c1d74) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 15:01:59.0326 2172 nvUpdatusService - ok 15:01:59.0420 2172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 15:01:59.0435 2172 nv_agp - ok 15:01:59.0451 2172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 15:01:59.0482 2172 ohci1394 - ok 15:01:59.0560 2172 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:01:59.0560 2172 ose - ok 15:01:59.0857 2172 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:01:59.0935 2172 osppsvc - ok 15:02:00.0028 2172 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:02:00.0137 2172 p2pimsvc - ok 15:02:00.0184 2172 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:02:00.0200 2172 p2psvc - ok 15:02:00.0262 2172 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:02:00.0340 2172 Parport - ok 15:02:00.0403 2172 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 15:02:00.0418 2172 partmgr - ok 15:02:00.0481 2172 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 15:02:00.0559 2172 PcaSvc - ok 15:02:00.0621 2172 pccsmcfd (81b5e63131090879ad6ef9f32109b88d) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 15:02:00.0637 2172 pccsmcfd - ok 15:02:00.0668 2172 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 15:02:00.0683 2172 pci - ok 15:02:00.0699 2172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 15:02:00.0715 2172 pciide - ok 15:02:00.0777 2172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:02:00.0793 2172 pcmcia - ok 15:02:00.0808 2172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:02:00.0824 2172 pcw - ok 15:02:00.0902 2172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:02:00.0964 2172 PEAUTH - ok 15:02:01.0011 2172 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:02:01.0042 2172 PerfHost - ok 15:02:01.0136 2172 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 15:02:01.0214 2172 pla - ok 15:02:01.0276 2172 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 15:02:01.0339 2172 PlugPlay - ok 15:02:01.0370 2172 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:02:01.0385 2172 PNRPAutoReg - ok 15:02:01.0417 2172 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:02:01.0432 2172 PNRPsvc - ok 15:02:01.0495 2172 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 15:02:01.0557 2172 PolicyAgent - ok 15:02:01.0588 2172 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:02:01.0635 2172 Power - ok 15:02:01.0697 2172 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 15:02:01.0744 2172 PptpMiniport - ok 15:02:01.0775 2172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:02:01.0807 2172 Processor - ok 15:02:01.0853 2172 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 15:02:01.0931 2172 ProfSvc - ok 15:02:01.0963 2172 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:02:01.0978 2172 ProtectedStorage - ok 15:02:02.0025 2172 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 15:02:02.0087 2172 Psched - ok 15:02:02.0165 2172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:02:02.0212 2172 ql2300 - ok 15:02:02.0306 2172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:02:02.0321 2172 ql40xx - ok 15:02:02.0353 2172 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:02:02.0368 2172 QWAVE - ok 15:02:02.0384 2172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:02:02.0415 2172 QWAVEdrv - ok 15:02:02.0540 2172 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll 15:02:02.0540 2172 RapiMgr - ok 15:02:02.0571 2172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:02:02.0633 2172 RasAcd - ok 15:02:02.0665 2172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:02:02.0711 2172 RasAgileVpn - ok 15:02:02.0727 2172 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:02:02.0774 2172 RasAuto - ok 15:02:02.0805 2172 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:02:02.0867 2172 Rasl2tp - ok 15:02:02.0914 2172 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 15:02:02.0977 2172 RasMan - ok 15:02:03.0023 2172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:02:03.0070 2172 RasPppoe - ok 15:02:03.0086 2172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:02:03.0148 2172 RasSstp - ok 15:02:03.0195 2172 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 15:02:03.0226 2172 rdbss - ok 15:02:03.0242 2172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:02:03.0257 2172 rdpbus - ok 15:02:03.0273 2172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:02:03.0335 2172 RDPCDD - ok 15:02:03.0367 2172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:02:03.0413 2172 RDPENCDD - ok 15:02:03.0445 2172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:02:03.0491 2172 RDPREFMP - ok 15:02:03.0523 2172 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 15:02:03.0585 2172 RDPWD - ok 15:02:03.0663 2172 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 15:02:03.0679 2172 rdyboost - ok 15:02:03.0710 2172 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:02:03.0757 2172 RemoteAccess - ok 15:02:03.0819 2172 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:02:03.0881 2172 RemoteRegistry - ok 15:02:03.0913 2172 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:02:03.0991 2172 RpcEptMapper - ok 15:02:04.0022 2172 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:02:04.0037 2172 RpcLocator - ok 15:02:04.0100 2172 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:02:04.0147 2172 RpcSs - ok 15:02:04.0162 2172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:02:04.0225 2172 rspndr - ok 15:02:04.0271 2172 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys 15:02:04.0287 2172 RSUSBSTOR - ok 15:02:04.0334 2172 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:02:04.0334 2172 SamSs - ok 15:02:04.0381 2172 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 15:02:04.0396 2172 sbp2port - ok 15:02:04.0552 2172 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 15:02:04.0583 2172 SBSDWSCService - ok 15:02:04.0599 2172 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:02:04.0646 2172 SCardSvr - ok 15:02:04.0693 2172 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 15:02:04.0755 2172 scfilter - ok 15:02:04.0833 2172 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 15:02:04.0895 2172 Schedule - ok 15:02:04.0927 2172 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:02:04.0973 2172 SCPolicySvc - ok 15:02:04.0989 2172 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 15:02:05.0020 2172 SDRSVC - ok 15:02:05.0083 2172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:02:05.0145 2172 secdrv - ok 15:02:05.0176 2172 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 15:02:05.0223 2172 seclogon - ok 15:02:05.0254 2172 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:02:05.0317 2172 SENS - ok 15:02:05.0332 2172 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 15:02:05.0395 2172 SensrSvc - ok 15:02:05.0410 2172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:02:05.0441 2172 Serenum - ok 15:02:05.0488 2172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:02:05.0504 2172 Serial - ok 15:02:05.0535 2172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:02:05.0566 2172 sermouse - ok 15:02:05.0707 2172 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 15:02:05.0738 2172 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 15:02:05.0738 2172 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 15:02:05.0785 2172 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 15:02:05.0831 2172 SessionEnv - ok 15:02:05.0909 2172 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe 15:02:05.0925 2172 sesvc ( UnsignedFile.Multi.Generic ) - warning 15:02:05.0925 2172 sesvc - detected UnsignedFile.Multi.Generic (1) 15:02:05.0972 2172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 15:02:06.0034 2172 sffdisk - ok 15:02:06.0034 2172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 15:02:06.0065 2172 sffp_mmc - ok 15:02:06.0097 2172 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 15:02:06.0128 2172 sffp_sd - ok 15:02:06.0159 2172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:02:06.0175 2172 sfloppy - ok 15:02:06.0237 2172 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 15:02:06.0253 2172 Sftfs - ok 15:02:06.0331 2172 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 15:02:06.0362 2172 sftlist - ok 15:02:06.0393 2172 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 15:02:06.0393 2172 Sftplay - ok 15:02:06.0424 2172 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 15:02:06.0424 2172 Sftredir - ok 15:02:06.0455 2172 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 15:02:06.0471 2172 Sftvol - ok 15:02:06.0518 2172 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 15:02:06.0533 2172 sftvsa - ok 15:02:06.0580 2172 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 15:02:06.0643 2172 SharedAccess - ok 15:02:06.0689 2172 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 15:02:06.0767 2172 ShellHWDetection - ok 15:02:06.0814 2172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:02:06.0814 2172 SiSRaid2 - ok 15:02:06.0830 2172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:02:06.0845 2172 SiSRaid4 - ok 15:02:06.0877 2172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:02:06.0923 2172 Smb - ok 15:02:06.0970 2172 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:02:07.0001 2172 SNMPTRAP - ok 15:02:07.0033 2172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:02:07.0033 2172 spldr - ok 15:02:07.0111 2172 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 15:02:07.0142 2172 Spooler - ok 15:02:07.0298 2172 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 15:02:07.0423 2172 sppsvc - ok 15:02:07.0516 2172 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 15:02:07.0563 2172 sppuinotify - ok 15:02:07.0625 2172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 15:02:07.0688 2172 srv - ok 15:02:07.0735 2172 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 15:02:07.0766 2172 srv2 - ok 15:02:07.0813 2172 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 15:02:07.0828 2172 srvnet - ok 15:02:07.0859 2172 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 15:02:07.0922 2172 SSDPSRV - ok 15:02:07.0953 2172 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 15:02:08.0000 2172 SstpSvc - ok 15:02:08.0078 2172 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys 15:02:08.0093 2172 ss_bbus - ok 15:02:08.0171 2172 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 15:02:08.0187 2172 ss_bmdfl - ok 15:02:08.0218 2172 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys 15:02:08.0234 2172 ss_bmdm - ok 15:02:08.0265 2172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 15:02:08.0281 2172 stexstor - ok 15:02:08.0327 2172 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 15:02:08.0374 2172 stisvc - ok 15:02:08.0405 2172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 15:02:08.0421 2172 swenum - ok 15:02:08.0468 2172 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 15:02:08.0515 2172 swprv - ok 15:02:08.0608 2172 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 15:02:08.0671 2172 SysMain - ok 15:02:08.0827 2172 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 15:02:08.0889 2172 TabletInputService - ok 15:02:08.0936 2172 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 15:02:08.0998 2172 TapiSrv - ok 15:02:09.0014 2172 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 15:02:09.0076 2172 TBS - ok 15:02:09.0217 2172 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 15:02:09.0263 2172 Tcpip - ok 15:02:09.0451 2172 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 15:02:09.0497 2172 TCPIP6 - ok 15:02:09.0591 2172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 15:02:09.0653 2172 tcpipreg - ok 15:02:09.0685 2172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:02:09.0731 2172 TDPIPE - ok 15:02:09.0747 2172 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 15:02:09.0778 2172 TDTCP - ok 15:02:09.0825 2172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 15:02:09.0872 2172 tdx - ok 15:02:09.0903 2172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 15:02:09.0919 2172 TermDD - ok 15:02:09.0950 2172 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 15:02:10.0028 2172 TermService - ok 15:02:10.0059 2172 TFsExDisk - ok 15:02:10.0075 2172 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 15:02:10.0090 2172 Themes - ok 15:02:10.0121 2172 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:02:10.0168 2172 THREADORDER - ok 15:02:10.0184 2172 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 15:02:10.0231 2172 TrkWks - ok 15:02:10.0309 2172 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 15:02:10.0355 2172 TrustedInstaller - ok 15:02:10.0402 2172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:02:10.0449 2172 tssecsrv - ok 15:02:10.0511 2172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 15:02:10.0527 2172 TsUsbFlt - ok 15:02:10.0589 2172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 15:02:10.0652 2172 tunnel - ok 15:02:10.0683 2172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 15:02:10.0683 2172 uagp35 - ok 15:02:10.0714 2172 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys 15:02:10.0730 2172 UBHelper - ok 15:02:10.0777 2172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 15:02:10.0839 2172 udfs - ok 15:02:10.0870 2172 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 15:02:10.0917 2172 UI0Detect - ok 15:02:10.0948 2172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 15:02:10.0964 2172 uliagpkx - ok 15:02:10.0995 2172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 15:02:11.0042 2172 umbus - ok 15:02:11.0073 2172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 15:02:11.0104 2172 UmPass - ok 15:02:11.0276 2172 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:02:11.0323 2172 UNS - ok 15:02:11.0385 2172 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 15:02:11.0401 2172 Updater Service - ok 15:02:11.0494 2172 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 15:02:11.0557 2172 upnphost - ok 15:02:11.0603 2172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 15:02:11.0666 2172 usbccgp - ok 15:02:11.0681 2172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 15:02:11.0728 2172 usbcir - ok 15:02:11.0744 2172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 15:02:11.0775 2172 usbehci - ok 15:02:11.0837 2172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 15:02:11.0869 2172 usbhub - ok 15:02:11.0900 2172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 15:02:11.0947 2172 usbohci - ok 15:02:11.0978 2172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:02:12.0009 2172 usbprint - ok 15:02:12.0056 2172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:02:12.0118 2172 USBSTOR - ok 15:02:12.0134 2172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 15:02:12.0165 2172 usbuhci - ok 15:02:12.0227 2172 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 15:02:12.0259 2172 usbvideo - ok 15:02:12.0290 2172 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 15:02:12.0352 2172 UxSms - ok 15:02:12.0383 2172 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:02:12.0399 2172 VaultSvc - ok 15:02:12.0415 2172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 15:02:12.0430 2172 vdrvroot - ok 15:02:12.0493 2172 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 15:02:12.0555 2172 vds - ok 15:02:12.0586 2172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:02:12.0617 2172 vga - ok 15:02:12.0633 2172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:02:12.0680 2172 VgaSave - ok 15:02:12.0711 2172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 15:02:12.0727 2172 vhdmp - ok 15:02:12.0742 2172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 15:02:12.0758 2172 viaide - ok 15:02:12.0789 2172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 15:02:12.0789 2172 volmgr - ok 15:02:12.0851 2172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 15:02:12.0867 2172 volmgrx - ok 15:02:12.0914 2172 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 15:02:12.0929 2172 volsnap - ok 15:02:12.0976 2172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 15:02:12.0992 2172 vsmraid - ok 15:02:13.0070 2172 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 15:02:13.0148 2172 VSS - ok 15:02:13.0241 2172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 15:02:13.0288 2172 vwifibus - ok 15:02:13.0304 2172 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 15:02:13.0335 2172 vwififlt - ok 15:02:13.0366 2172 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 15:02:13.0397 2172 vwifimp - ok 15:02:13.0444 2172 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 15:02:13.0491 2172 W32Time - ok 15:02:13.0522 2172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 15:02:13.0585 2172 WacomPen - ok 15:02:13.0631 2172 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:02:13.0678 2172 WANARP - ok 15:02:13.0678 2172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:02:13.0725 2172 Wanarpv6 - ok 15:02:13.0943 2172 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 15:02:13.0975 2172 WatAdminSvc - ok 15:02:14.0068 2172 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 15:02:14.0131 2172 wbengine - ok 15:02:14.0209 2172 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 15:02:14.0255 2172 WbioSrvc - ok 15:02:14.0380 2172 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll 15:02:14.0396 2172 WcesComm - ok 15:02:14.0458 2172 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 15:02:14.0505 2172 wcncsvc - ok 15:02:14.0536 2172 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 15:02:14.0583 2172 WcsPlugInService - ok 15:02:14.0630 2172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 15:02:14.0645 2172 Wd - ok 15:02:14.0677 2172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:02:14.0708 2172 Wdf01000 - ok 15:02:14.0723 2172 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:02:14.0817 2172 WdiServiceHost - ok 15:02:14.0817 2172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:02:14.0848 2172 WdiSystemHost - ok 15:02:14.0895 2172 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 15:02:14.0926 2172 WebClient - ok 15:02:14.0957 2172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 15:02:15.0020 2172 Wecsvc - ok 15:02:15.0035 2172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 15:02:15.0098 2172 wercplsupport - ok 15:02:15.0129 2172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 15:02:15.0191 2172 WerSvc - ok 15:02:15.0254 2172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:02:15.0285 2172 WfpLwf - ok 15:02:15.0301 2172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:02:15.0316 2172 WIMMount - ok 15:02:15.0363 2172 WinDefend - ok 15:02:15.0363 2172 WinHttpAutoProxySvc - ok 15:02:15.0425 2172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 15:02:15.0472 2172 Winmgmt - ok 15:02:15.0597 2172 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 15:02:15.0691 2172 WinRM - ok 15:02:15.0831 2172 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 15:02:15.0847 2172 WinUsb - ok 15:02:15.0925 2172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 15:02:15.0940 2172 Wlansvc - ok 15:02:15.0987 2172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 15:02:15.0987 2172 WmiAcpi - ok 15:02:16.0049 2172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 15:02:16.0081 2172 wmiApSrv - ok 15:02:16.0143 2172 WMPNetworkSvc - ok 15:02:16.0174 2172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 15:02:16.0190 2172 WPCSvc - ok 15:02:16.0237 2172 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 15:02:16.0252 2172 WPDBusEnum - ok 15:02:16.0283 2172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:02:16.0330 2172 ws2ifsl - ok 15:02:16.0346 2172 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 15:02:16.0361 2172 wscsvc - ok 15:02:16.0361 2172 WSearch - ok 15:02:16.0502 2172 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 15:02:16.0564 2172 wuauserv - ok 15:02:16.0673 2172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 15:02:16.0736 2172 WudfPf - ok 15:02:16.0798 2172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:02:16.0829 2172 WUDFRd - ok 15:02:16.0876 2172 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 15:02:16.0907 2172 wudfsvc - ok 15:02:16.0939 2172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 15:02:17.0017 2172 WwanSvc - ok 15:02:17.0063 2172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:02:17.0485 2172 \Device\Harddisk0\DR0 - ok 15:02:17.0485 2172 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1 15:02:27.0219 2172 \Device\Harddisk1\DR1 - ok 15:02:27.0219 2172 Boot (0x1200) (d11a3c0d755b08870c6636a38d27480c) \Device\Harddisk0\DR0\Partition0 15:02:27.0219 2172 \Device\Harddisk0\DR0\Partition0 - ok 15:02:27.0235 2172 Boot (0x1200) (d5595b2c1d606b6bfbec330ae1844bef) \Device\Harddisk0\DR0\Partition1 15:02:27.0235 2172 \Device\Harddisk0\DR0\Partition1 - ok 15:02:27.0250 2172 Boot (0x1200) (3788bffe46a880db33de5065e49ec0f3) \Device\Harddisk1\DR1\Partition0 15:02:27.0250 2172 \Device\Harddisk1\DR1\Partition0 - ok 15:02:27.0250 2172 ============================================================ 15:02:27.0250 2172 Scan finished 15:02:27.0250 2172 ============================================================ 15:02:27.0266 3784 Detected object count: 2 15:02:27.0266 3784 Actual detected object count: 2 15:02:45.0924 3784 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 15:02:45.0924 3784 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:02:45.0924 3784 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:02:45.0924 3784 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip Thomas |
19.06.2012, 21:35 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
20.06.2012, 15:27 | #9 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, anbei das Log von Combofix - habe leider zu voreilig das Programm von einem USB Stick gestartet - hoffe, dass es keine Beeinträchtigung mit sich gezogen hat :/ Code:
ATTFilter ComboFix 12-06-20.01 - Christian 20.06.2012 16:09:55.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.2374 [GMT 2:00] ausgeführt von:: F:\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120620160421.109999 c:\programdata\boost_interprocess\20120620160421.109999\Nobu64AgentService c:\programdata\boost_interprocess\20120620160421.109999\Nobu64TrayIcon c:\programdata\FullRemove.exe c:\users\Christian\1043.MST c:\windows\SysWow64\DEBUG.log c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-20 bis 2012-06-20 )))))))))))))))))))))))))))))) . . 2012-06-18 14:02 . 2012-06-18 14:02 -------- d-----w- C:\_OTL 2012-06-16 11:51 . 2012-06-16 11:51 -------- d-----w- c:\program files (x86)\Snapshot 2012-06-16 09:12 . 2012-06-16 09:12 -------- d-----w- c:\users\Christian\AppData\Roaming\www.shadowexplorer.com 2012-06-16 09:12 . 2012-06-16 09:12 -------- d-----w- c:\program files (x86)\ShadowExplorer 2012-06-15 14:27 . 2012-06-15 14:27 -------- d-----w- c:\program files (x86)\ESET 2012-06-14 16:40 . 2012-06-14 16:40 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes 2012-06-14 16:39 . 2012-06-14 16:39 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 16:39 . 2012-06-14 16:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-14 16:39 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-14 16:39 . 2012-06-18 14:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-06-14 16:39 . 2012-06-14 16:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-12 14:54 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED6FBDC8-40CE-4BF0-B23C-E7579D679CB1}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-08 14:15 . 2012-01-17 21:44 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 14:15 . 2012-01-17 21:44 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-23 16:01 . 2011-12-25 21:10 24064 ----a-w- c:\windows\SysWow64\FsExService64.Exe 2012-04-23 16:01 . 2011-12-25 21:10 16392 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys 2012-04-23 16:00 . 2007-10-25 16:26 5632 ----a-w- c:\windows\SysWow64\drivers\StarOpen.sys 2012-04-22 19:59 . 2012-04-22 19:59 3686400 ----a-w- c:\users\Christian\Samsung New PC Studio USB Driver Installer.msi 2012-03-31 06:05 . 2012-05-09 22:37 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-09 22:37 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-09 22:37 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-09 22:37 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-09 22:37 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-28 20:11 . 2012-04-23 21:48 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll 2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll 2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll 2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll 2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll 2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll 2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll 2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax 2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll 2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll 2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll 2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll 2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll 2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll 2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll 2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax 2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll 2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe 2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll 2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll 2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax 2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll 2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax 2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax 2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll 2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax 2012-03-28 20:11 . 2012-04-23 21:47 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704] ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [2012-4-17 142848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-02-08 343032] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-27 1620584] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job - c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:23] . 2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job - c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:23] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:31] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-NPSStartup - (no file) AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-20 16:23:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-20 14:23 . Vor Suchlauf: 10 Verzeichnis(se), 352.231.174.144 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 351.733.059.584 Bytes frei . - - End Of File - - D9867B3C5AB41E8EDDD675D48FB58EFD Thomas |
20.06.2012, 15:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
20.06.2012, 19:09 | #11 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, GMER funktionierte irgendwie nicht Anbei OSAM + aswMBR logs OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:34:34 on 20.06.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Google Inc. Google Chrome 19.0.1084.56 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job" - "Facebook Inc." - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job" - "Facebook Inc." - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "bdfsfltr" (bdfsfltr) - "BitDefender" - C:\Windows\System32\DRIVERS\bdfsfltr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NTIDrvr" (NTIDrvr) - "NTI Corporation" - C:\Windows\system32\drivers\NTIDrvr.sys "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "TFsExDisk" (TFsExDisk) - ? - C:\Windows\System32\Drivers\TFsExDisk.sys (File not found) "UBHelper" (UBHelper) - "NTI Corporation" - C:\Windows\system32\drivers\UBHelper.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found | COM-object registry key not found) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Facebook Messenger.lnk" - "Facebook" - C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Shortcut exists | File exists) "ZooskMessenger.lnk" - ? - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll "Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Application Updater" (Application Updater) - ? - "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" (File not found) "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe "BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe "NitroPDFReaderDriverCreatorReadSpool2" (NitroReaderDriverReadSpool2) - "Nitro PDF Software" - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe "Norton Online Backup" (NOBU) - "Symantec Corporation" - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe "NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe "ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files (x86)\ShadowExplorer\sesvc.exe "Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-20 19:36:35 ----------------------------- 19:36:35.764 OS Version: Windows x64 6.1.7601 Service Pack 1 19:36:35.764 Number of processors: 4 586 0x2505 19:36:35.780 ComputerName: CHRISTIAN-PC UserName: Christian 19:36:37.683 Initialize success 19:36:58.156 AVAST engine defs: 12062001 19:37:15.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:37:15.628 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3 19:37:15.644 Disk 0 MBR read successfully 19:37:15.660 Disk 0 MBR scan 19:37:15.660 Disk 0 Windows 7 default MBR code 19:37:15.675 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 19:37:15.691 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024 19:37:15.691 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824 19:37:15.722 Disk 0 scanning C:\Windows\system32\drivers 19:37:26.704 Service scanning 19:37:55.783 Modules scanning 19:37:55.798 Disk 0 trace - called modules: 19:37:55.830 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 19:37:55.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80070e6060] 19:37:55.845 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800510d050] 19:37:57.764 AVAST engine scan C:\Windows 19:38:02.210 AVAST engine scan C:\Windows\system32 19:40:50.800 AVAST engine scan C:\Windows\system32\drivers 19:41:03.904 AVAST engine scan C:\Users\Christian 20:02:29.673 AVAST engine scan C:\ProgramData 20:05:01.992 Scan finished successfully 20:06:47.199 Disk 0 MBR has been saved successfully to "F:\Neuer Ordner\MBR.dat" 20:06:47.230 The log file has been saved successfully to "F:\Neuer Ordner\aswMBR.txt" |
21.06.2012, 10:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
21.06.2012, 18:31 | #13 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, anbei die Logs von Malwarebytes und SASW - SASW hat 931 Teile gefunden - aber größtenteils nur tracking Cookies - die kann ich mit dem Tool doch direkt löschen oder? (Habe noch nix unternommen und das Tool noch offen gelassen) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.21.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Christian :: CHRISTIAN-PC [Administrator] Schutz: Deaktiviert 21.06.2012 16:09:37 mbam-log-2012-06-21 (16-09-37).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 403525 Laufzeit: 45 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/21/2012 at 07:22 PM Application Version : 5.1.1002 Core Rules Database Version : 8772 Trace Rules Database Version: 6584 Scan type : Complete Scan Total Scan Time : 02:12:11 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 693 Memory threats detected : 0 Registry items scanned : 69689 Registry threats detected : 0 File items scanned : 178405 File threats detected : 931 Adware.Tracking Cookie C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@cts.metricsdirect[2].txt [ /cts.metricsdirect ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@cts.zroitracker[2].txt [ /cts.zroitracker ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@msnportal.112.2o7[2].txt [ /msnportal.112.2o7 ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@www.windowsmedia[2].txt [ /www.windowsmedia ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\PI02B2VN.txt [ /fastclick.net ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\0ULAVK72.txt [ /track.adform.net ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\KOGMOH16.txt [ /smartadserver.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\IZ4KIDMD.txt [ /ad.zanox.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9416XNUM.txt [ /microsoftwllivemkt.112.2o7.net ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\UI2O16CP.txt [ /zanox.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\FYHGO4CA.txt [ /mediaplex.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\GSMBR3VZ.txt [ /ad1.adfarm1.adition.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9UA8BKLE.txt [ /tracking.quisma.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\XNYPNJ9U.txt [ /apmebf.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\KZH75YX2.txt [ /www.zanox-affiliate.de ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9YCB9K68.txt [ /www.adxpansion.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YCJ8ZGWI.txt [ /adxpansion.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\82EP05NU.txt [ /adfarm1.adition.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\Y8N0ZQ8S.txt [ /doubleclick.net ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\ETN01ZG6.txt [ /atdmt.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\EQCP9RTR.txt [ /bs.serving-sys.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\6OMGF33P.txt [ /serving-sys.com ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\2PS4PTYR.txt [ /adform.net ] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YPWRW072.txt [ /zanox-affiliate.de ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZ9FEVNK.txt [ Cookie:christian@hightraffic.hugoboss.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BD3IUD22.txt [ Cookie:christian@fastclick.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7U9LU7JF.txt [ Cookie:christian@track.adform.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJKO0U7O.txt [ Cookie:christian@tradedoubler.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TN697KMX.txt [ Cookie:christian@specificclick.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BV85XJ3.txt [ Cookie:christian@pornfish.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OI9CNXIT.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1018081631/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZ15HZKB.txt [ Cookie:christian@eas4.emediate.eu/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2A4O7K2G.txt [ Cookie:christian@questionmarket.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W28QZVCG.txt [ Cookie:christian@ad.zanox.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0YF6I6M.txt [ Cookie:christian@clkads.com/adServe/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@de.sitestat[1].txt [ Cookie:christian@de.sitestat.com/is24/is24/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZ9S91QH.txt [ Cookie:christian@msnportal.112.2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@adultmatchfirm[2].txt [ Cookie:christian@adultmatchfirm.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QAPES0RD.txt [ Cookie:christian@zanox.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T3FQGBJK.txt [ Cookie:christian@fl01.ct2.comclick.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@www.trendstats[2].txt [ Cookie:christian@www.trendstats.nl/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LC5APZK8.txt [ Cookie:christian@ads.247activemedia.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4NUI6JJ7.txt [ Cookie:christian@yadro.ru/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P6KR89AP.txt [ Cookie:christian@ad1.adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWIQLVPN.txt [ Cookie:christian@exoclick.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QOGLXWWQ.txt [ Cookie:christian@traffictrack.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IROD8M99.txt [ Cookie:christian@leylines.solution.weborama.fr/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@partypoker[2].txt [ Cookie:christian@partypoker.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZQ65VQP.txt [ Cookie:christian@tracking.quisma.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AKO0QZCR.txt [ Cookie:christian@de.pornhub.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3FDQ0CDG.txt [ Cookie:christian@hitbox.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IY99ZHNN.txt [ Cookie:christian@clkads.com/adServe/banners ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B00G8MSD.txt [ Cookie:christian@clkads.com/adServe/static/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@dealtime[1].txt [ Cookie:christian@dealtime.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NN623ANL.txt [ Cookie:christian@my.brandwire.tv/Brandwire/deliverAd/flashBannerXml/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9H4BVXST.txt [ Cookie:christian@ads.ventivmedia.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LU2TJPSY.txt [ Cookie:christian@adtech.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\78DIY6SF.txt [ Cookie:christian@adsrv1.admediate.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PPAVJ9D.txt [ Cookie:christian@media6degrees.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCCYSA0I.txt [ Cookie:christian@vodafonegroup.122.2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\88OKWHCR.txt [ Cookie:christian@imrworldwide.com/cgi-bin ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\N5LMNO04.txt [ Cookie:christian@www.etracker.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWY0CVCW.txt [ Cookie:christian@www.pornhubgold.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\94W3PC9H.txt [ Cookie:christian@ad3.adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8N1HGBUJ.txt [ Cookie:christian@h.atdmt.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DLXW0UTY.txt [ Cookie:christian@adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9LE0X7DG.txt [ Cookie:christian@ero-advertising.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SU9KE5L6.txt [ Cookie:christian@adultfriendfinder.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MBBOK7T.txt [ Cookie:christian@doubleclick.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@ads.zeusclicks[1].txt [ Cookie:christian@ads.zeusclicks.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@stat.dealtime[1].txt [ Cookie:christian@stat.dealtime.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETRLO18Q.txt [ Cookie:christian@unitymedia.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DBZPJKIZ.txt [ Cookie:christian@stats.bmw.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0UO6QB0.txt [ Cookie:christian@pornhubgold.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXJ8FYQY.txt [ Cookie:christian@eyewonder.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWFSR65R.txt [ Cookie:christian@statse.webtrendslive.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WD8QINBE.txt [ Cookie:christian@2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@da-tracking[2].txt [ Cookie:christian@da-tracking.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5IPZXTNS.txt [ Cookie:christian@adform.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9RYCAH9G.txt [ Cookie:christian@youporn.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1NR6OG6.txt [ Cookie:christian@accounts.google.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QKD95X92.txt [ Cookie:christian@counter.sexsuche.tv/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U56BTNFB.txt [ Cookie:christian@de.sitestat.com/hamburg/hamburg/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XW946E8P.txt [ Cookie:christian@atdmt.combing.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z53H2XDR.txt [ Cookie:christian@track.effiliation.com/servlet/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\668HSEIW.txt [ Cookie:christian@adxpose.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UVT3P9W9.txt [ Cookie:christian@zedo.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PT94EJJ6.txt [ Cookie:christian@pornbanana.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJ0R0E1A.txt [ Cookie:christian@revsci.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VG8P1BT2.txt [ Cookie:christian@trafficholder.com/cgi-bin/traffic/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PYANH2Y.txt [ Cookie:christian@de.sitestat.com/laola1/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY8W1XPM.txt [ Cookie:christian@ihg.db.advertising.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YLW5IQ2B.txt [ Cookie:christian@sunporno.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\00YSCQ7M.txt [ Cookie:christian@sex-area.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BHHEESB.txt [ Cookie:christian@markussexblog.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QDDVNVV.txt [ Cookie:christian@advertising.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VPFKXV2F.txt [ Cookie:christian@www.sunporno.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIO14EC5.txt [ Cookie:christian@ehg-gaddispartners.hitbox.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8OXR0IP.txt [ Cookie:christian@invitemedia.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\06TF4ZMF.txt [ Cookie:christian@eas.apm.emediate.eu/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Y8KKNH1.txt [ Cookie:christian@www.freeporn.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWAZHAB5.txt [ Cookie:christian@openx.sexsearchcom.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DGN64E6.txt [ Cookie:christian@www.1malemedia.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEKVE1A1.txt [ Cookie:christian@www.office-discount.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WINM6IEN.txt [ Cookie:christian@sexkiste.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8047SJNV.txt [ Cookie:christian@ads.crakmedia.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMSBIGIP.txt [ Cookie:christian@insightexpressai.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1UF6X56L.txt [ Cookie:christian@xxx-freeporn.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Z3ENHMM.txt [ Cookie:christian@overture.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ED1EOMRL.txt [ Cookie:christian@orgasms.xxx/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1BZ56LC.txt [ Cookie:christian@de.sitestat.com/sueddeutscher/stuttgarter-nachrichten/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6VB85YQ.txt [ Cookie:christian@www.office-discount.de/webapp/wcs/stores/servlet/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P17NHX0O.txt [ Cookie:christian@vagosex.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DGOUXKZ.txt [ Cookie:christian@www.adxpansion.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y9492324.txt [ Cookie:christian@adserver.anschlusstor.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\52YRGBIH.txt [ Cookie:christian@www.sexarena.tv/ultimate/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3Y2WN4N.txt [ Cookie:christian@www.vagosex.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@adserver2.exgfnetwork[1].txt [ Cookie:christian@adserver2.exgfnetwork.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJVRQA83.txt [ Cookie:christian@clicksor.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GK62BC5.txt [ Cookie:christian@ad4.adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZOBO4IJS.txt [ Cookie:christian@ads2.zeusclicks.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WY5NBZK8.txt [ Cookie:christian@amateur-porno-tgp.com/st/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z8R0YR5U.txt [ Cookie:christian@pornhublive.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PAWAW6JZ.txt [ Cookie:christian@amateur-porno-tgp.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KI5N7GCV.txt [ Cookie:christian@adxpansion.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJ8MVW54.txt [ Cookie:christian@pornrabbit.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VT1GFFIQ.txt [ Cookie:christian@ad.adserver01.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQ161INY.txt [ Cookie:christian@de.sitestat.com/titus/de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6IGHOS67.txt [ Cookie:christian@de.sitestat.com/hamburg/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VXK5BAHH.txt [ Cookie:christian@gonzoxxxmovies.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@track.effiliation[1].txt [ Cookie:christian@track.effiliation.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4J5O89G0.txt [ Cookie:christian@atdmt.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IN08RXT7.txt [ Cookie:christian@bs.serving-sys.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWGD8SG2.txt [ Cookie:christian@tracker.pegsanalytics.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3C7H03P.txt [ Cookie:christian@de.sitestat.com/laola1/hsv-de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CITQAX1M.txt [ Cookie:christian@deutschepostag.112.2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FXWZ33EC.txt [ Cookie:christian@adserver02.profiwerber.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BARZ4AAI.txt [ Cookie:christian@zanox-affiliate.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2D67TT40.txt [ Cookie:christian@content.yieldmanager.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E6CKJWLG.txt [ Cookie:christian@freeporn.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDXQKKH8.txt [ Cookie:christian@mediacorp.112.2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZI9012M7.txt [ Cookie:christian@guj.122.2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6018D06F.txt [ Cookie:christian@google.de/intl/de/ads/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S0O3FQDJ.txt [ Cookie:christian@in.getclicky.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UOQWX1Q3.txt [ Cookie:christian@server.adform.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\REF3B0VF.txt [ Cookie:christian@userporn.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZHKY1R4.txt [ Cookie:christian@amazon-adsystem.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2BWCWQS.txt [ Cookie:christian@toplist.eu/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XBV65VW.txt [ Cookie:christian@rts.pgmediaserve.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IMETRC1H.txt [ Cookie:christian@ad1.dyntracker.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NH2NIO2E.txt [ Cookie:christian@tribalfusion.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4G5WFL16.txt [ Cookie:christian@a.revenuemax.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OMMLQ2L7.txt [ Cookie:christian@xm.xtendmedia.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GVJVAZI.txt [ Cookie:christian@girlsteachsex.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1R0R5N1R.txt [ Cookie:christian@clickbank.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\83GI44ET.txt [ Cookie:christian@yieldmanager.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9QC4EE90.txt [ Cookie:christian@ru4.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MD5ETWZA.txt [ Cookie:christian@vesseltracker.abendblatt.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ULC6SERD.txt [ Cookie:christian@www.adultrevads.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9R1JIVI1.txt [ Cookie:christian@www.pornbanana.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJA12WNY.txt [ Cookie:christian@tracking.hrs.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCLNDFYQ.txt [ Cookie:christian@media.gan-online.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\83KVOIST.txt [ Cookie:christian@kontera.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EO0SNASQ.txt [ Cookie:christian@dyntracker.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FY5ECRUD.txt [ Cookie:christian@tracking.oe24.at// ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\22A891NH.txt [ Cookie:christian@counters.gigya.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4RLL7INK.txt [ Cookie:christian@de.sitestat.com/laola1/laola1-tv/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TD3Z41M.txt [ Cookie:christian@tracking.mlsat02.de/tmobile/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNXST0Q1.txt [ Cookie:christian@myroitracking.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XHA4EYZL.txt [ Cookie:christian@adx.chip.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0TVN5ZV4.txt [ Cookie:christian@banner.holidaycheck.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JS6S90O.txt [ Cookie:christian@ads.quartermedia.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JE8RZSLR.txt [ Cookie:christian@advertising.fussball-liveticker.eu/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UL5XWGYR.txt [ Cookie:christian@ads2.bartime.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUH669AG.txt [ Cookie:christian@free.socialsexnetwork.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W1UCT9G9.txt [ Cookie:christian@de.sitestat.com/is24-community/is24-community/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JH24U7FA.txt [ Cookie:christian@cbs.112.2o7.net/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6XV21O51.txt [ Cookie:christian@legolas-media.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0DHR19W.txt [ Cookie:christian@pornhub.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMATP4TL.txt [ Cookie:christian@ad2.adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\33FQDQRW.txt [ Cookie:christian@c.atdmt.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C91BRQ9A.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1069159172/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F26XJWU1.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1058396328/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZPCF9IY9.txt [ Cookie:christian@vesseltracker.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S8X25DA8.txt [ Cookie:christian@ad.yieldmanager.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DD2TPYAO.txt [ Cookie:christian@www.clickygo.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KR63KLKW.txt [ Cookie:christian@euros4click.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NCH6B8MJ.txt [ Cookie:christian@fr.sitestat.com/eurosport/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E4E0O6E3.txt [ Cookie:christian@www.rungisexpress.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\766CNK2S.txt [ Cookie:christian@www.burstnet.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\R9CWOJMP.txt [ Cookie:christian@delivery.atkmedia.de/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5BOI0HV.txt [ Cookie:christian@toplist.cz/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8GWIEG2M.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1047508216/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CUHJX3U8.txt [ Cookie:christian@mediaservices-d.openxenterprise.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IY5IDGZ4.txt [ Cookie:christian@trackfox2.com/ ] C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U3FH7374.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1041485753/ ] C:\USERS\CHRISTIAN\Cookies\PI02B2VN.txt [ Cookie:christian@fastclick.net/ ] C:\USERS\CHRISTIAN\Cookies\0ULAVK72.txt [ Cookie:christian@track.adform.net/ ] C:\USERS\CHRISTIAN\Cookies\IZ4KIDMD.txt [ Cookie:christian@ad.zanox.com/ ] C:\USERS\CHRISTIAN\Cookies\christian@msnportal.112.2o7[2].txt [ Cookie:christian@msnportal.112.2o7.net/ ] C:\USERS\CHRISTIAN\Cookies\UI2O16CP.txt [ Cookie:christian@zanox.com/ ] C:\USERS\CHRISTIAN\Cookies\GSMBR3VZ.txt [ Cookie:christian@ad1.adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\Cookies\9UA8BKLE.txt [ Cookie:christian@tracking.quisma.com/ ] C:\USERS\CHRISTIAN\Cookies\9YCB9K68.txt [ Cookie:christian@www.adxpansion.com/ ] C:\USERS\CHRISTIAN\Cookies\christian@cts.metricsdirect[2].txt [ Cookie:christian@cts.metricsdirect.com/ ] C:\USERS\CHRISTIAN\Cookies\YCJ8ZGWI.txt [ Cookie:christian@adxpansion.com/ ] C:\USERS\CHRISTIAN\Cookies\82EP05NU.txt [ Cookie:christian@adfarm1.adition.com/ ] C:\USERS\CHRISTIAN\Cookies\Y8N0ZQ8S.txt [ Cookie:christian@doubleclick.net/ ] C:\USERS\CHRISTIAN\Cookies\ETN01ZG6.txt [ Cookie:christian@atdmt.com/ ] C:\USERS\CHRISTIAN\Cookies\EQCP9RTR.txt [ Cookie:christian@bs.serving-sys.com/ ] C:\USERS\CHRISTIAN\Cookies\2PS4PTYR.txt [ Cookie:christian@adform.net/ ] C:\USERS\CHRISTIAN\Cookies\YPWRW072.txt [ Cookie:christian@zanox-affiliate.de/ ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .microsoftwllivemkt.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .a.revenuemax.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .advertstream.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ru4.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .xiti.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .msnportal.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .guj.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] wstat.wibiya.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .enoratraffic.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .specificclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gostats.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] 7.rotator.wigetmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .bwincom.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tto2.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.3gnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.klicktel.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .interclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .interclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .at.atwola.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .foodporndaily.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .foodporndaily.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ads.ventivmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ads.crakmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adnetwork.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] stat.easydate.biz [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] stat.ed.cupidplc.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] secure.img-cdn.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ww1.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.alphateenies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.alphateenies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .alphaporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .alphaporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.trackingindahouse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .77tracking.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adinterax.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adinterax.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] stat.onestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] stat.onestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .sexad.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.3gnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adserver1.mokono.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] server.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .static.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .xm.xtendmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] statse.webtrendslive.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .e-2dj6wdk4wgc5wco.stats.esomniture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .stepstone.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .warnerbros.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad1.emediate.dk [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad1.emediate.dk [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] media.gan-online.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adxpansion.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.activetraffic.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.activetraffic.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.ardmediathek.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] studivz.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] studivz.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adviva.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.mindshare.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lucidmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .skydeutschland.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mm.chitika.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.sim-technik.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .quartermedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] server.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.google.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.netdebit-counter.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .myroitracking.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .clicksor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .clicksor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gostats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] 7.rotator.wigetmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.dyntracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad1.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .questionmarket.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .questionmarket.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad4.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] banners.victor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .banners.victor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] partners.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ww251.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@LIVEPERSON[3].TXT [ /LIVEPERSON ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@XITI[1].TXT [ /XITI ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WEBORAMA[2].TXT [ /WEBORAMA ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WWW.ADULT-MATCHFIRM[1].TXT [ /WWW.ADULT-MATCHFIRM ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@ADS.GLISPA[2].TXT [ /ADS.GLISPA ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WWW.PIXELTRACK66[2].TXT [ /WWW.PIXELTRACK66 ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@LIVEPERSON[1].TXT [ /LIVEPERSON ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@SERVER.IAD.LIVEPERSON[2].TXT [ /SERVER.IAD.LIVEPERSON ] C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@TRACKING.3GNET[1].TXT [ /TRACKING.3GNET ] .adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.vagosex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ads.crakmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sevenoneintermedia.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] track.advolution.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.adserver01.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.free-porn.at.pn [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] adserver.itsfogo.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.gfuck.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .yadro.ru [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .youporn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adxpansion.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .freetube8porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .gostats.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.porno-hub.at [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.porno-hub.at [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornocino.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .longporntube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .mofosex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad4.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .lusthaus2.bannerdealer.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .xiti.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornerbros.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .de.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .de.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .profilbanner.me [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .usenext.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .usenext.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .snapfish.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] rotator.adjuggler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] rotator.adjuggler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .moviepilot.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] adsrv.admediate.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] adsrv.admediate.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] mediapartner.bigpoint.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .blog.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.free-sexfilms.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .dmtracker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .free-sexfilms.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .diesexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] count.multirella.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .fuckshow.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .elitepornos.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornme.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .microsoftwllivemkt.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.pornlongvideos.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .porntube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .gfuck.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.freeadulttube.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tracking.gameforge.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] pornhubhd.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhubhd.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .crazyhomesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adultadworld.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .server.cpmstar.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .trackmatics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .thomascookag.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .kontera.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .independent.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornrabbit.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .facebookofsex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhubgold.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhitz.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] in.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] counters.gigya.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ru4.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ru4.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] stats.o2crew.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] stats.o2crew.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .msnportal.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.elitepartner.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .elitepartner.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .elitemedianet.d3.sc.omtrdc.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornrabbit.videosz.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .cuntstube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .naiadsystems.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.adition.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.adition.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .guj.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .yieldmanager.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adserver.adtechus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pumpmyteenass.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .freesexdump.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .dafuckbook.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .dafuckbook.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .freeporn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sexgoesmobile.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .vodafonegroup.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .stepstone.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tracker.pegsanalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tracker.pegsanalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.hausfrauensex69.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.sexseiten.cc [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.ipad-sex.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.sexseiten.cc [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornhome.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sexkontakt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sexgeizkragen.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.sexgeizkragen.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.sexkontakte.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.sexcounter.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .hansesex.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .viewablemedia.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .a.revenuemax.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .track.gridlockparadise.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] www.adultrevads.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sexybundestag.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] static.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .www.tracktec.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .hardsextube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] adserver2.exgfnetwork.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .heussmedia.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ads.ventivmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] adserv.chirurgie-portal.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .mediaran.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .dealtime.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] stat.dealtime.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tags.trackinganalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tags.trackinganalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .microsoftwlsearchcrm.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] count.asnetworks.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .histats.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .histats.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .enoratraffic.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .pornrabbit.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .track.gridlockparadise.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] labelfinder.vogue.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .www.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .www.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .static.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad.piximedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .bauermedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .bauermedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] leads.383media.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] leads.383media.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .calumetphoto.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] tracking.sim-technik.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ] |
21.06.2012, 19:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
22.06.2012, 12:57 | #15 |
| Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, danke für den Tipp und natürlich ein großes Dankeschön für deine super Hilfe!!! Das System läuft jetzt wieder super, wie es soll - lediglich die Dateien sind durch die Verschlüsselung unbrauchbar (die die ich jetzt getestet habe) Ich nehme an, dass der folgende Link aktuell ist und es darüber hinaus keine Möglichkeiten gibt die Dateien wieder her zu stellen? http://www.trojaner-board.de/114783-...ubersicht.html Ansonsten muss ich mich, bzw. in dem FAlle mein Bekannter, gedulden, bis es dafür eine Lösung gibt (wer kein Backup macht ist wohl selber schuld ) Des Weiteren habe ich meinem Bekannten mal gebeten mir die Zip wie gewünscht in eml Format zur Verfügung zu stellen, damit ich Euch die Daten übersenden kann! Viele Grüße Thomas |
Themen zu Verschlüsselungs Trojaner - Rechnung von Pearlfection.de |
administrator, adware.clickpotato, adware.hotbar, adware.hotbar.cp, adware.questbrowse, adware.seekmo, adware.shopperreports, anlage, autostart, babylon toolbar, babylontoolbar, bingbar, candy, canon, dateien, dateisystem, e-mail, explorer, heuristiks/extra, heuristiks/shuriken, install.exe, launch, limited.com/facebook, locker, löschen, malware.trace, microsoft office starter 2010, mozilla, mywinlocker, nvpciflt.sys, opencandy, pdfforge toolbar, plug-in, programm, richtlinie, safer networking, searchscopes, security scan, shopperreports, smartbar, spotify web helper, temp, trojan.agent, update, usb 2.0, user agent, version=1.0, virus, wichtige daten, win32/toolbar.babylon |