| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs Trojaner - Rechnung von Pearlfection.deWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.06.2012, 20:58
| #1 | |||
| |  Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo liebe Community, ich habe ein Notebook von einem Bekannten in die Hand gedrückt bekommen, der von einem netten und für mich neue Art eines Trojaners befallen ist. Folgende Informationen habe ich von meinem Bekannten bekommen: Er hat eine E-Mail von Pearlfection.de über einen hohen 4 stelligen Betrag erhalten und hat vor schreck die Anlage geöffnet - das war eine "Rechnung" als zip Format. Nachdem er diese Rechnung geöffnet hatte wurden sämtliche Word Dateien etc. verschlüsselt und es wurde eine Textdatei erstellt auf dem Desktop mit Folgendem Inhalt: Zitat:
Ich habe erstmal alle Systemstarts deaktiviert (msconfig --> Systemstarts), alle Virenscanner deaktiviert und daraufhin einen vollen Scan mit Malwarebytes durchgeführt. (ich habe mich aus Unkenntnis mit dem Programm noch nicht getraut den Butonn "alles Löschen" zu drücken. Folgende Log habe ich erhalten: Zitat:
Zitat:
Da durchaus wichtige Daten auf dem PC sind habe ich noch keine weiteren Schritte eingeleitet. Ich bin zwar relativ Firm im Umgang mit PCs (FiSi) allerdings habe ich Angst, dass die Daten unwiederruflich zerstört sind. Könnt Ihr mich vlt auf meinen Schritten begleiten um meinen Bekannten von dem Befall zu befreien und die Daten zu behalten? Über jeden Tipp wäre ich Dankbar. Viele Grüße Thomas Hallo, habe nochmal OTL und fogger durchlaufen lassen. Fogger hat nichts gefunden. OTL.txt hat folgenden Inhalt Code:
ATTFilter OTL logfile created on: 15.06.2012 14:08:16 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free 7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2012.06.12 18:44:59 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.05.13 20:25:32 | 000,019,768 | ---- | M] (Smartbar) -- C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe PRC - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.04.23 18:00:21 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2012.04.16 01:23:59 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.12 18:44:59 | 011,742,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtWebKit4.dll MOD - [2012.06.12 18:44:59 | 008,227,560 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtGui4.dll MOD - [2012.06.12 18:44:59 | 002,554,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXmlPatterns4.dll MOD - [2012.06.12 18:44:59 | 002,430,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtDeclarative4.dll MOD - [2012.06.12 18:44:59 | 002,297,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtCore4.dll MOD - [2012.06.12 18:44:59 | 002,267,368 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlccore.dll MOD - [2012.06.12 18:44:59 | 001,298,152 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtScript4.dll MOD - [2012.06.12 18:44:59 | 000,979,176 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtNetwork4.dll MOD - [2012.06.12 18:44:59 | 000,343,784 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXml4.dll MOD - [2012.06.12 18:44:59 | 000,224,488 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qmng4.dll MOD - [2012.06.12 18:44:59 | 000,200,424 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qjpeg4.dll MOD - [2012.06.12 18:44:59 | 000,195,304 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtSql4.dll MOD - [2012.06.12 18:44:59 | 000,105,192 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlc.dll MOD - [2012.06.12 18:44:59 | 000,030,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qgif4.dll MOD - [2012.05.13 20:26:22 | 000,016,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2012.05.13 20:26:18 | 000,024,888 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2012.05.13 20:26:16 | 000,019,256 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2012.05.13 20:26:12 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2012.05.13 20:26:08 | 000,067,896 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2012.05.13 20:26:06 | 000,331,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll MOD - [2012.05.13 20:26:06 | 000,034,616 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2012.05.13 20:26:02 | 000,015,672 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2012.05.13 20:26:00 | 000,078,648 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2012.05.13 20:25:54 | 000,018,232 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2012.05.13 20:25:52 | 000,054,584 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll MOD - [2012.05.13 20:25:42 | 000,011,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2012.05.13 20:25:40 | 000,028,472 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2012.05.13 20:25:38 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2012.05.13 20:25:38 | 000,012,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2012.05.13 20:25:34 | 001,218,360 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2012.05.13 20:25:34 | 000,080,696 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2012.05.13 20:25:32 | 000,542,008 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2012.05.13 20:24:30 | 000,046,904 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\MACTrackBarLib.dll MOD - [2012.05.13 20:24:18 | 000,025,400 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\de\Smartbar.GUI.MainClient.resources.dll MOD - [2012.05.10 08:35:02 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll MOD - [2012.05.10 07:41:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll MOD - [2012.05.10 07:38:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll MOD - [2012.05.10 07:38:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll MOD - [2012.05.10 07:38:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 07:38:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012.05.10 07:38:10 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.10 07:38:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.10 07:37:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.10 07:37:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.10 07:36:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 07:36:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 07:36:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 07:36:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.03 20:20:08 | 020,101,120 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.04.02 15:36:52 | 000,910,648 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2012.04.02 15:36:50 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2012.04.02 15:36:49 | 000,145,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2010.11.18 02:28:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.03.03 23:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011.03.03 23:00:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M] [2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.06.14 18:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions [2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com [2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com [2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged [2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com [2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml [2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml [2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" File not found O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStart PC Studio] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Browser Infrastructure Helper] C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Facebook Update] C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [MediaGet2] C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.18 04:29:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook ========== Files - Modified Within 30 Days ========== [2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2012.06.15 14:04:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.06.15 14:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:34 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 18:39:34 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 18:39:34 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 18:39:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 18:39:34 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.14 18:34:08 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 18:33:41 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2012.05.18 04:29:49 | 000,001,344 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ========== Files Created - No Company Name ========== [2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== LOP Check ========== [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.03.03 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ShopperReports3 [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.14 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.14 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.06.2012 14:08:16 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free
7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10857FF3-734D-45A3-80FA-F39369D04356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{161E8734-C1CC-49AD-BD4E-735E71FF030A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{230DC425-49D3-404F-ABE4-307BBEE6004E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DDAB82D-A683-4241-AAF5-58FB6D7B8BA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{41A3161B-8C48-4453-AD02-1F96928800BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{58180E4F-3503-4B2D-BFA2-4A323A700F48}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FC2DFA1-60E4-436E-A573-3CB62F4E20C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{616173E2-BB5A-40B5-8715-B8E899E8944B}" = rport=138 | protocol=17 | dir=out | app=system |
"{66C86EE0-2D3A-4440-AACD-5BEB8542024B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B4A0B2A-B75F-40CC-95AD-19F0483392B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BC72F9F-8EFC-4991-989D-1085EAA06BA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{87FF08D8-1254-462F-8888-DC5D6192DE09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{99A110CA-C174-4442-B06F-F50E82C12D56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CFD2095-FE98-44EB-8993-E3764D9D1E53}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC16C13F-F71C-42BA-AE6A-79E0CCB5E27B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AEA86731-8348-4878-842C-869113AC646C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8E23DE0-53A5-4835-B2F8-FE7CDEDC8FA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9E5EBD9-872F-4C79-852B-620A66E62ADC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C111084D-C3B3-4356-9FCF-F1ABB528A8EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C61E10A9-4960-4589-8FF7-21829547AC68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD6BE791-3401-474B-AB7F-FC97D9A13BC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9357A0B-53FC-4340-B1E8-865320AF9C2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA92B3BA-6F55-4025-BE79-B5A7909406EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEFAAC15-9DBF-4FFA-B2AB-FD66B09D1B1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF1CA649-B3BD-44A4-84A6-CFC7FC5E9CEA}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090253AD-C4D0-4F79-8BFE-9F150D79839D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B084B26-9548-471A-9A37-0C6FC1FB475A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{0DDF194E-4DA1-4252-AB3E-345112F8A67A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{153D2E66-CCFB-4867-AF6A-E47BB1024F07}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{1F586E89-AB16-4F7C-B44E-5944766FB512}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2201BD05-0B95-4C03-9CF5-BCFC92E5B055}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B3DFD1C-48AF-46B8-B34D-175B4D37F2CC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{2DEB3814-A9A1-432C-A3C3-55F4A53237A4}" = protocol=6 | dir=in | app=d:\alicecd.exe |
"{2E9D5C3D-8D1A-4C80-AD17-6CAAF26351BB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{30C41EDF-8E61-4A8A-AE9A-9D0278FE3FCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{366DA055-E4B3-4AFC-BBC9-31BCD9EB0D67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3DA502C7-D292-4187-A459-33F98AC03664}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{4894F62B-2D64-4D39-AFF3-729623A69DF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48E38844-3920-40B9-A5A9-23E4205D0006}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CDB7983-D6E1-4779-898D-02FF7A90D2F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F8F5732-361F-450B-AEEA-6B370D7187E5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{55AF4410-BF1B-4808-88FE-D594A0FF9AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57704688-837F-40C5-B443-872D98A16714}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5C397009-3C9F-4251-A9C3-A79E9D58DBDF}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{692C4C03-65A6-4D72-92FD-9C13F2F4F5C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C9ED932-089E-4C5E-917C-263D09B0D181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73F8A36B-479B-4F36-A1BC-7F5FEBE31B28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74EA4FC4-773A-4831-A322-BD6CA06EBC02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7909F012-F88B-4D59-8AA5-8E73869C202B}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{800465BA-73D0-446E-93ED-133F331606F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87207D77-187C-4EE5-8663-B328072A40AA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8806DA4F-A918-4590-8DC7-E97F222B0456}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89282F1B-BDE9-4D13-A4FD-7CFEC92BDEE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8947E538-D856-4512-B18A-692A75AC0389}" = dir=in | app=c:\users\christian\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9798C755-AAB4-42A8-878F-36C19447B809}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB03E752-067D-48CF-A59C-4F91299D6475}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{AE010753-FBBE-43B1-9179-0603B15797FF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B5B506DD-0D67-4843-98C1-4034D3FE1432}" = protocol=6 | dir=out | app=system |
"{BB324F12-C9EC-42BA-8DD1-77A9931FD381}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4D526F8-75EE-486D-B942-A11F6F7CD3D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5BBE7EA-A202-4D5A-A458-F02EA18E1245}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFD5122F-7121-4863-8905-F423BC8F7F76}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{D0E60950-D502-4CEB-A84E-1563155E4304}" = protocol=17 | dir=in | app=d:\alicecd.exe |
"{DBD6C013-E052-461F-ACD9-6E7D5C91FD9F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCD63F58-6E99-4014-BD65-B8F3BFC5FDA6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF0336BC-1153-408F-B4E6-345442BD020E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3C23806-6BC8-4BCA-9D15-327C8FA69E1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4CF0C95-001C-4EA0-834D-80C11CA996DC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{E8682BBF-184A-42D8-8573-3FFDC7A4BB63}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8D1073A-56E5-4F18-A34A-963726A2120D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA76791D-002D-46E5-9D9F-3850C58FBC4E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F02FA7F2-4E09-45D6-80F1-54D46C8D96B6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{F67EFDD9-C325-4067-A362-5B6FCA3F8F7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{234E8396-93FA-4BF1-8B3D-270061E8BDCC}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{28E3FF6F-74C9-4839-8AE5-A6E87F819A09}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4AC42749-0AC4-4DC2-A0A1-B7DE46DCCEF1}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{C83B91B6-97AB-46B6-8D6A-93894832314C}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FB14F227-49F0-45C0-8C10-EC7D3F62614B}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{0F366AE5-565D-43FB-B896-D85278CA9BBB}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1D42D6AC-F9E1-47BF-900A-8DDCCBDA1550}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{9B03173A-004B-4685-B427-337D54AD2417}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C119244D-71C4-4C16-A51A-305E4164DF0E}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{E8076A75-6353-4A55-ABC5-6073913403AE}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{29D90A83-171E-4A78-B6DC-66B76FE52A2C}_is1" = ixPlayer 2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F1DE10B0-51C2-417F-A3EC-0B443243F1A1}" = Nitro Reader 2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2523DCE9-47C5-14E5-F315-496B75316B45}" = Zoosk Messenger
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70D3EBFD-C613-49DB-A444-A4BD720DE1E9}" = Linkury Smartbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Canon RAW Codec" = Canon RAW Codec
"ClickPotatoLiteSA" = ClickPotato
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA-Treiber
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Simfy" = simfy
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"MediaGet" = Der Torrent-Client MediaGet
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.05.2012 04:05:13 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften
Prozesses: 0x1914 Startzeit der fehlerhaften Anwendung: 0x01cd32715e72ee82 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
b22cfff5-9e64-11e1-bfcc-1c7508346bc0
Error - 15.05.2012 04:42:01 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023
Description =
Error - 15.05.2012 04:42:02 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften
Prozesses: 0x24dc Startzeit der fehlerhaften Anwendung: 0x01cd327553aa5bdf Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
d719a000-9e69-11e1-bfcc-1c7508346bc0
Error - 16.05.2012 13:12:04 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023
Description =
Error - 16.05.2012 13:12:06 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften
Prozesses: 0x2624 Startzeit der fehlerhaften Anwendung: 0x01cd333c737b8224 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
42a5b1bb-9f7a-11e1-bfcc-1c7508346bc0
Error - 17.05.2012 05:25:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.05.2012 06:42:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.05.2012 06:45:02 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 20.05.2012 06:09:55 | Computer Name = Christian-PC | Source = Application Hang | ID = 1002
Description = Programm spotify.exe, Version 0.8.3.222 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit:
01cd2f3c79abc8fe Endzeit: 921 Anwendungspfad: C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe
Berichts-ID:
e6111019-a263-11e1-bfcc-1c7508346bc0
Error - 20.05.2012 10:38:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.05.2012 10:40:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ Media Center Events ]
Error - 11.02.2012 07:00:42 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 12:00:41 - Fehler beim Herstellen der Internetverbindung. 12:00:41
- Serververbindung konnte nicht hergestellt werden..
Error - 11.02.2012 07:00:47 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 12:00:47 - Fehler beim Herstellen der Internetverbindung. 12:00:47
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 16:08:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:08:38 - Fehler beim Herstellen der Internetverbindung. 21:08:38
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 16:08:48 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:08:43 - Fehler beim Herstellen der Internetverbindung. 21:08:43
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 17:25:56 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:25:56 - Fehler beim Herstellen der Internetverbindung. 22:25:56
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 17:26:03 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:26:01 - Fehler beim Herstellen der Internetverbindung. 22:26:01
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 18:26:11 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:26:11 - Fehler beim Herstellen der Internetverbindung. 23:26:11
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 18:26:18 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:26:16 - Fehler beim Herstellen der Internetverbindung. 23:26:16
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 18:12:02 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:12:02 - Fehler beim Herstellen der Internetverbindung. 23:12:02
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 18:12:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:12:07 - Fehler beim Herstellen der Internetverbindung. 23:12:07
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.06.2012 12:42:59 | Computer Name = Christian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 904.
Error - 11.06.2012 17:59:26 | Computer Name = Christian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 904.
Error - 12.06.2012 12:49:33 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?06.?2012 um 18:47:09 unerwartet heruntergefahren.
Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SSDP-Suche erreicht.
Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
Error - 12.06.2012 12:54:19 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) Rapid Storage Technology erreicht.
Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
Hier das Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.15.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 15.06.2012 14:23:53 mbam-log-2012-06-15 (14-23-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410692 Laufzeit: 57 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 28 HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDic (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDisp (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0 (Adware.HotBar) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790777B076545430AB92 (Malware.Trace) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ClickPotatoLiteSA (Adware.ClickPotato) -> Daten: "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Daten: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 19 C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 20 C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Local\Temp\zodqtnwyxy.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ea180e3de878d9408249c1c91e8db8e3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-15 03:57:42
# local_time=2012-06-15 05:57:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 12937568 12937568 0 0
# compatibility_mode=5893 16776573 100 94 1355 91400456 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=192671
# found=9
# cleaned=0
# scan_time=5256
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christian\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\f54e34b.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
 Anscheinend hat mein Bekannter den Verschlüsselungstrojaner 2.00.11 - Die eMail stimmt nahezu überein, die Textdatei auf dem Desktop ebenfalls und die Dateien sind augenscheinlich nicht umbenannt worden. - Hoffe das hilft weiter  //diesmal habe ich den "edit" Button gefunden - anderer Post war wohl zu alt :/Viele Grüße Thomas |
|
18.06.2012, 11:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.
__________________Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
18.06.2012, 13:55
| #3 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne,
__________________erst mal danke, dass du mir bei dem Thema helfen willst! --> Gerade gemerkt, dass ich einen Schritt vergessen habe - Asche auf mein Haupt.... // habs nun aktualisiert angehängt! Anbei ein neuer OTL Log OTL Log Code:
ATTFilter OTL logfile created on: 18.06.2012 15:14:45 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,95% Memory free 7,36 Gb Paging File | 5,67 Gb Available in Paging File | 77,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 322,72 Gb Free Space | 71,29% Space Free | Partition Type: NTFS Drive F: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,46% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M] [2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.06.15 16:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions [2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com [2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com [2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged [2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com [2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml [2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml [2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AutoStart PC Studio - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig:64bit - StartUpReg: MediaGet2 - hkey= - key= - C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging [2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging [2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snapshot [2012.06.16 11:12:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com [2012.06.16 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.16 11:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer [2012.06.15 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.15 16:14:58 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012.06.18 15:02:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 14:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 14:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 14:36:46 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 14:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 14:35:45 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012.06.16 22:29:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.06.16 13:52:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.16 13:52:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.16 13:52:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.16 13:52:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.16 13:52:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.16 13:51:24 | 000,001,889 | ---- | M] () -- C:\Users\Christian\Desktop\Snapshot.lnk [2012.06.16 11:12:40 | 000,001,889 | ---- | M] () -- C:\Users\Christian\Desktop\ShadowExplorer.lnk [2012.06.15 14:18:56 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk ========== Files Created - No Company Name ========== [2012.06.16 13:51:24 | 000,001,889 | ---- | C] () -- C:\Users\Christian\Desktop\Snapshot.lnk [2012.06.16 11:12:40 | 000,001,889 | ---- | C] () -- C:\Users\Christian\Desktop\ShadowExplorer.lnk [2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== LOP Check ========== [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.17 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.15 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.16 11:12:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com [2012.06.15 14:18:56 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.16 22:29:05 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.02.13 13:11:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe [2012.04.23 16:39:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer [2012.01.17 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Avira [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.02.25 22:03:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.02.25 19:53:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities [2011.02.25 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Intel Corporation [2011.02.25 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia [2012.06.14 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.04.23 18:43:32 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft [2011.02.27 00:33:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.17 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.15 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.16 11:12:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com < %APPDATA%\*.exe /s > [2011.07.09 01:13:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.03.22 16:04:25 | 003,325,832 | ---- | M] (Ask) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe [2012.04.02 15:18:59 | 006,263,712 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\OpenCandy\74F05C1722094B5D854DD3F62F8CBD9C\LinkuryInstallerCHCB_p1v13.exe [2012.04.24 00:03:17 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe [2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe [2012.04.23 23:26:13 | 000,069,632 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe [2012.04.23 17:55:03 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Christian\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe [2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys [2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Thomas Geändert von sportsocke (18.06.2012 um 14:28 Uhr) |
|
18.06.2012, 14:38
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - user.js - File not found
[2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com
[2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com
[2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged
[2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com
[2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml
[2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml
[2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml
[2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\Christian\AppData\Roaming\Babylon
C:\Program Files (x86)\BabylonToolbar
C:\Users\Christian\AppData\Local\Babylon
C:\Program Files (x86)\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.06.2012, 15:11
| #5 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, ist alles so eingetreten wie du sagtest - anbei das Log aus der nach dem Reboot geöffneten Log datei: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&ilc=12&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" removed from browser.startup.homepage
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
Prefs.js: ShopperReports@ShopperReports.com:3.0.517.0 removed from extensions.enabledItems
Prefs.js: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.14.1.100009 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledItems
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome\images folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-11-Jan-2012-14-05-20-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Mar-2011-13-47-07-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-22-Mar-2011-22-02-37-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-15-Mar-2011-13-42-30-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-07-Jul-2011-22-36-04-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-09-Oct-2011-05-30-17-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-17-Sep-2011-15-22-43-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-14-Nov-2011-11-40-27-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-08-Jul-2011-08-03-26-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ApnUpdater\ not found.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.8 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Users\Christian\AppData\Roaming\Babylon folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\Users\Christian\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Christian\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Christian\AppData\Local\Babylon folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Christian
->Temp folder emptied: 674226738 bytes
->Temporary Internet Files folder emptied: 272121877 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 122105985 bytes
->Google Chrome cache emptied: 24190719 bytes
->Flash cache emptied: 214234 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 477020412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 795048465 bytes
Total Files Cleaned = 2.256,00 mb
[EMPTYFLASH]
User: All Users
User: Christian
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_160245
Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Viele Grüße Thomas |
|
18.06.2012, 20:38
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Verschlüsselungs Trojaner - Rechnung von Pearlfection.de |
|
19.06.2012, 14:05
| #7 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, anbei das Log vom TDSS Killer - 2 Sachen wurden gefunden: Code:
ATTFilter 15:01:08.0439 2924 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:01:08.0455 2924 ============================================================
15:01:08.0455 2924 Current date / time: 2012/06/19 15:01:08.0455
15:01:08.0455 2924 SystemInfo:
15:01:08.0455 2924
15:01:08.0455 2924 OS Version: 6.1.7601 ServicePack: 1.0
15:01:08.0455 2924 Product type: Workstation
15:01:08.0455 2924 ComputerName: CHRISTIAN-PC
15:01:08.0455 2924 UserName: Christian
15:01:08.0455 2924 Windows directory: C:\Windows
15:01:08.0455 2924 System windows directory: C:\Windows
15:01:08.0455 2924 Running under WOW64
15:01:08.0455 2924 Processor architecture: Intel x64
15:01:08.0455 2924 Number of processors: 4
15:01:08.0455 2924 Page size: 0x1000
15:01:08.0455 2924 Boot type: Normal boot
15:01:08.0455 2924 ============================================================
15:01:09.0999 2924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:01:09.0999 2924 Drive \Device\Harddisk1\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:01:09.0999 2924 ============================================================
15:01:09.0999 2924 \Device\Harddisk0\DR0:
15:01:09.0999 2924 MBR partitions:
15:01:09.0999 2924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:01:09.0999 2924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
15:01:09.0999 2924 \Device\Harddisk1\DR1:
15:01:09.0999 2924 MBR partitions:
15:01:09.0999 2924 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x3BA080
15:01:09.0999 2924 ============================================================
15:01:10.0030 2924 C: <-> \Device\Harddisk0\DR0\Partition1
15:01:10.0030 2924 ============================================================
15:01:10.0030 2924 Initialize success
15:01:10.0030 2924 ============================================================
15:01:35.0786 2172 ============================================================
15:01:35.0786 2172 Scan started
15:01:35.0786 2172 Mode: Manual; SigCheck; TDLFS;
15:01:35.0786 2172 ============================================================
15:01:36.0301 2172 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:01:36.0425 2172 1394ohci - ok
15:01:36.0503 2172 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:01:36.0535 2172 ACPI - ok
15:01:36.0597 2172 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:01:36.0691 2172 AcpiPmi - ok
15:01:36.0831 2172 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:01:36.0847 2172 AdobeARMservice - ok
15:01:36.0925 2172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:01:36.0940 2172 adp94xx - ok
15:01:37.0003 2172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:01:37.0018 2172 adpahci - ok
15:01:37.0049 2172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:01:37.0049 2172 adpu320 - ok
15:01:37.0096 2172 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:01:37.0237 2172 AeLookupSvc - ok
15:01:37.0315 2172 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:01:37.0377 2172 AFD - ok
15:01:37.0424 2172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:01:37.0439 2172 agp440 - ok
15:01:37.0471 2172 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:01:37.0689 2172 ALG - ok
15:01:37.0783 2172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:01:37.0783 2172 aliide - ok
15:01:37.0814 2172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:01:37.0829 2172 amdide - ok
15:01:37.0845 2172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:01:37.0907 2172 AmdK8 - ok
15:01:37.0939 2172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:01:38.0001 2172 AmdPPM - ok
15:01:38.0048 2172 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:01:38.0063 2172 amdsata - ok
15:01:38.0095 2172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:01:38.0110 2172 amdsbs - ok
15:01:38.0141 2172 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:01:38.0141 2172 amdxata - ok
15:01:38.0251 2172 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:01:38.0266 2172 AntiVirSchedulerService - ok
15:01:38.0297 2172 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:01:38.0313 2172 AntiVirService - ok
15:01:38.0375 2172 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:01:38.0500 2172 AppID - ok
15:01:38.0516 2172 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:01:38.0625 2172 AppIDSvc - ok
15:01:38.0687 2172 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:01:38.0750 2172 Appinfo - ok
15:01:38.0781 2172 Application Updater - ok
15:01:38.0812 2172 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:01:38.0828 2172 arc - ok
15:01:38.0843 2172 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:01:38.0859 2172 arcsas - ok
15:01:38.0890 2172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:01:38.0968 2172 AsyncMac - ok
15:01:39.0015 2172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:01:39.0015 2172 atapi - ok
15:01:39.0093 2172 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:01:39.0171 2172 AudioEndpointBuilder - ok
15:01:39.0171 2172 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:01:39.0233 2172 AudioSrv - ok
15:01:39.0280 2172 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:01:39.0311 2172 avgntflt - ok
15:01:39.0343 2172 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:01:39.0358 2172 avipbb - ok
15:01:39.0389 2172 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:01:39.0405 2172 avkmgr - ok
15:01:39.0467 2172 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:01:39.0561 2172 AxInstSV - ok
15:01:39.0623 2172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:01:39.0701 2172 b06bdrv - ok
15:01:39.0748 2172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:01:39.0779 2172 b57nd60a - ok
15:01:39.0951 2172 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
15:01:39.0967 2172 BBSvc - ok
15:01:40.0013 2172 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
15:01:40.0029 2172 BBUpdate - ok
15:01:40.0216 2172 BCM43XX (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:01:40.0310 2172 BCM43XX - ok
15:01:40.0419 2172 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:01:40.0466 2172 BDESVC - ok
15:01:40.0544 2172 bdfsfltr (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
15:01:40.0575 2172 bdfsfltr - ok
15:01:40.0606 2172 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:01:40.0684 2172 Beep - ok
15:01:40.0778 2172 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:01:40.0840 2172 BFE - ok
15:01:40.0918 2172 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:01:40.0996 2172 BITS - ok
15:01:41.0059 2172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:01:41.0090 2172 blbdrive - ok
15:01:41.0121 2172 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:01:41.0183 2172 bowser - ok
15:01:41.0215 2172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:01:41.0308 2172 BrFiltLo - ok
15:01:41.0339 2172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:01:41.0386 2172 BrFiltUp - ok
15:01:41.0417 2172 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:01:41.0480 2172 Browser - ok
15:01:41.0511 2172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:01:41.0589 2172 Brserid - ok
15:01:41.0620 2172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:01:41.0651 2172 BrSerWdm - ok
15:01:41.0683 2172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:01:41.0714 2172 BrUsbMdm - ok
15:01:41.0745 2172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:01:41.0776 2172 BrUsbSer - ok
15:01:41.0792 2172 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:01:41.0823 2172 BTHMODEM - ok
15:01:41.0870 2172 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:01:41.0932 2172 bthserv - ok
15:01:41.0963 2172 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:01:42.0026 2172 cdfs - ok
15:01:42.0073 2172 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:01:42.0104 2172 cdrom - ok
15:01:42.0166 2172 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:01:42.0229 2172 CertPropSvc - ok
15:01:42.0275 2172 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:01:42.0307 2172 circlass - ok
15:01:42.0353 2172 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:01:42.0369 2172 CLFS - ok
15:01:42.0431 2172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:01:42.0447 2172 clr_optimization_v2.0.50727_32 - ok
15:01:42.0478 2172 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:01:42.0478 2172 clr_optimization_v2.0.50727_64 - ok
15:01:42.0556 2172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:01:42.0572 2172 clr_optimization_v4.0.30319_32 - ok
15:01:42.0603 2172 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:01:42.0619 2172 clr_optimization_v4.0.30319_64 - ok
15:01:42.0634 2172 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:01:42.0665 2172 CmBatt - ok
15:01:42.0697 2172 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:01:42.0712 2172 cmdide - ok
15:01:42.0759 2172 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:01:42.0790 2172 CNG - ok
15:01:42.0821 2172 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:01:42.0837 2172 Compbatt - ok
15:01:42.0884 2172 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:01:42.0931 2172 CompositeBus - ok
15:01:42.0946 2172 COMSysApp - ok
15:01:42.0977 2172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:01:42.0993 2172 crcdisk - ok
15:01:43.0055 2172 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:01:43.0087 2172 CryptSvc - ok
15:01:43.0243 2172 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:01:43.0274 2172 cvhsvc - ok
15:01:43.0352 2172 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:01:43.0414 2172 DcomLaunch - ok
15:01:43.0461 2172 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:01:43.0523 2172 defragsvc - ok
15:01:43.0617 2172 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:01:43.0664 2172 DfsC - ok
15:01:43.0742 2172 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:01:43.0820 2172 Dhcp - ok
15:01:43.0851 2172 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:01:43.0898 2172 discache - ok
15:01:43.0929 2172 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:01:43.0945 2172 Disk - ok
15:01:43.0976 2172 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:01:44.0038 2172 Dnscache - ok
15:01:44.0085 2172 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:01:44.0132 2172 dot3svc - ok
15:01:44.0179 2172 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:01:44.0241 2172 DPS - ok
15:01:44.0257 2172 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:01:44.0303 2172 drmkaud - ok
15:01:44.0381 2172 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:01:44.0397 2172 DsiWMIService - ok
15:01:44.0475 2172 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:01:44.0491 2172 DXGKrnl - ok
15:01:44.0537 2172 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:01:44.0600 2172 EapHost - ok
15:01:44.0756 2172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:01:44.0834 2172 ebdrv - ok
15:01:44.0959 2172 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:01:45.0005 2172 EFS - ok
15:01:45.0115 2172 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:01:45.0177 2172 ehRecvr - ok
15:01:45.0208 2172 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:01:45.0271 2172 ehSched - ok
15:01:45.0349 2172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:01:45.0380 2172 elxstor - ok
15:01:45.0489 2172 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:01:45.0505 2172 ePowerSvc - ok
15:01:45.0598 2172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:01:45.0629 2172 ErrDev - ok
15:01:45.0676 2172 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
15:01:45.0692 2172 ETD - ok
15:01:45.0739 2172 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:01:45.0801 2172 EventSystem - ok
15:01:45.0817 2172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:01:45.0879 2172 exfat - ok
15:01:45.0910 2172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:01:45.0973 2172 fastfat - ok
15:01:46.0051 2172 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:01:46.0129 2172 Fax - ok
15:01:46.0160 2172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:01:46.0207 2172 fdc - ok
15:01:46.0238 2172 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:01:46.0300 2172 fdPHost - ok
15:01:46.0331 2172 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:01:46.0394 2172 FDResPub - ok
15:01:46.0425 2172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:01:46.0441 2172 FileInfo - ok
15:01:46.0456 2172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:01:46.0519 2172 Filetrace - ok
15:01:46.0597 2172 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:01:46.0628 2172 FLEXnet Licensing Service - ok
15:01:46.0628 2172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:01:46.0675 2172 flpydisk - ok
15:01:46.0721 2172 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:01:46.0737 2172 FltMgr - ok
15:01:46.0799 2172 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:01:46.0862 2172 FontCache - ok
15:01:46.0940 2172 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:01:46.0955 2172 FontCache3.0.0.0 - ok
15:01:47.0002 2172 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:01:47.0018 2172 FsDepends - ok
15:01:47.0065 2172 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:01:47.0065 2172 Fs_Rec - ok
15:01:47.0127 2172 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:01:47.0143 2172 fvevol - ok
15:01:47.0174 2172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:01:47.0174 2172 gagp30kx - ok
15:01:47.0252 2172 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:01:47.0314 2172 gpsvc - ok
15:01:47.0392 2172 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:01:47.0408 2172 GREGService - ok
15:01:47.0470 2172 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:01:47.0486 2172 gupdate - ok
15:01:47.0501 2172 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:01:47.0501 2172 gupdatem - ok
15:01:47.0533 2172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:01:47.0595 2172 hcw85cir - ok
15:01:47.0642 2172 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:01:47.0673 2172 HdAudAddService - ok
15:01:47.0720 2172 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:01:47.0751 2172 HDAudBus - ok
15:01:47.0798 2172 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:01:47.0813 2172 HECIx64 - ok
15:01:47.0829 2172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:01:47.0860 2172 HidBatt - ok
15:01:47.0891 2172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:01:47.0923 2172 HidBth - ok
15:01:47.0954 2172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:01:47.0985 2172 HidIr - ok
15:01:48.0032 2172 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:01:48.0079 2172 hidserv - ok
15:01:48.0141 2172 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:01:48.0157 2172 HidUsb - ok
15:01:48.0188 2172 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:01:48.0250 2172 hkmsvc - ok
15:01:48.0297 2172 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:01:48.0359 2172 HomeGroupListener - ok
15:01:48.0406 2172 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:01:48.0437 2172 HomeGroupProvider - ok
15:01:48.0484 2172 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:01:48.0484 2172 HpSAMD - ok
15:01:48.0578 2172 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:01:48.0640 2172 HTTP - ok
15:01:48.0703 2172 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:01:48.0703 2172 hwpolicy - ok
15:01:48.0734 2172 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:01:48.0749 2172 i8042prt - ok
15:01:48.0796 2172 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
15:01:48.0812 2172 iaStor - ok
15:01:48.0890 2172 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:01:48.0905 2172 IAStorDataMgrSvc - ok
15:01:48.0968 2172 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:01:48.0983 2172 iaStorV - ok
15:01:49.0108 2172 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:01:49.0139 2172 idsvc - ok
15:01:49.0545 2172 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:01:49.0873 2172 igfx - ok
15:01:49.0966 2172 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:01:49.0982 2172 iirsp - ok
15:01:50.0060 2172 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:01:50.0122 2172 IKEEXT - ok
15:01:50.0169 2172 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:01:50.0231 2172 Impcd - ok
15:01:50.0372 2172 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
15:01:50.0434 2172 IntcAzAudAddService - ok
15:01:50.0575 2172 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:01:50.0637 2172 IntcDAud - ok
15:01:50.0668 2172 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:01:50.0684 2172 intelide - ok
15:01:50.0715 2172 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:01:50.0746 2172 intelppm - ok
15:01:50.0793 2172 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:01:50.0840 2172 IPBusEnum - ok
15:01:50.0871 2172 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:01:50.0933 2172 IpFilterDriver - ok
15:01:50.0996 2172 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:01:51.0058 2172 iphlpsvc - ok
15:01:51.0089 2172 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:01:51.0136 2172 IPMIDRV - ok
15:01:51.0167 2172 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:01:51.0214 2172 IPNAT - ok
15:01:51.0261 2172 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:01:51.0339 2172 IRENUM - ok
15:01:51.0355 2172 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:01:51.0370 2172 isapnp - ok
15:01:51.0417 2172 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:01:51.0433 2172 iScsiPrt - ok
15:01:51.0511 2172 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:01:51.0526 2172 k57nd60a - ok
15:01:51.0573 2172 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:01:51.0589 2172 kbdclass - ok
15:01:51.0620 2172 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:01:51.0651 2172 kbdhid - ok
15:01:51.0682 2172 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:01:51.0698 2172 KeyIso - ok
15:01:51.0713 2172 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:01:51.0729 2172 KSecDD - ok
15:01:51.0745 2172 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:01:51.0760 2172 KSecPkg - ok
15:01:51.0791 2172 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:01:51.0854 2172 ksthunk - ok
15:01:51.0885 2172 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:01:51.0932 2172 KtmRm - ok
15:01:51.0994 2172 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:01:52.0057 2172 LanmanServer - ok
15:01:52.0088 2172 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:01:52.0135 2172 LanmanWorkstation - ok
15:01:52.0166 2172 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:01:52.0244 2172 lltdio - ok
15:01:52.0291 2172 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:01:52.0337 2172 lltdsvc - ok
15:01:52.0369 2172 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:01:52.0431 2172 lmhosts - ok
15:01:52.0509 2172 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:01:52.0540 2172 LMS - ok
15:01:52.0587 2172 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:01:52.0603 2172 LSI_FC - ok
15:01:52.0603 2172 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:01:52.0618 2172 LSI_SAS - ok
15:01:52.0634 2172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:01:52.0649 2172 LSI_SAS2 - ok
15:01:52.0681 2172 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:01:52.0681 2172 LSI_SCSI - ok
15:01:52.0712 2172 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:01:52.0759 2172 luafv - ok
15:01:52.0821 2172 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:01:52.0837 2172 MBAMProtector - ok
15:01:52.0915 2172 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:01:52.0946 2172 MBAMService - ok
15:01:52.0993 2172 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
15:01:53.0024 2172 McComponentHostService - ok
15:01:53.0039 2172 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:01:53.0086 2172 Mcx2Svc - ok
15:01:53.0117 2172 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:01:53.0133 2172 megasas - ok
15:01:53.0164 2172 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:01:53.0180 2172 MegaSR - ok
15:01:53.0211 2172 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:01:53.0273 2172 MMCSS - ok
15:01:53.0289 2172 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:01:53.0351 2172 Modem - ok
15:01:53.0398 2172 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:01:53.0429 2172 monitor - ok
15:01:53.0476 2172 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:01:53.0492 2172 mouclass - ok
15:01:53.0523 2172 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:01:53.0539 2172 mouhid - ok
15:01:53.0570 2172 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:01:53.0585 2172 mountmgr - ok
15:01:53.0632 2172 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:01:53.0632 2172 mpio - ok
15:01:53.0663 2172 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:01:53.0710 2172 mpsdrv - ok
15:01:53.0788 2172 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:01:53.0866 2172 MpsSvc - ok
15:01:53.0929 2172 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:01:53.0975 2172 MRxDAV - ok
15:01:54.0007 2172 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:01:54.0038 2172 mrxsmb - ok
15:01:54.0069 2172 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:01:54.0116 2172 mrxsmb10 - ok
15:01:54.0147 2172 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:01:54.0163 2172 mrxsmb20 - ok
15:01:54.0209 2172 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:01:54.0209 2172 msahci - ok
15:01:54.0241 2172 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:01:54.0256 2172 msdsm - ok
15:01:54.0287 2172 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:01:54.0303 2172 MSDTC - ok
15:01:54.0350 2172 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:01:54.0381 2172 Msfs - ok
15:01:54.0397 2172 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:01:54.0443 2172 mshidkmdf - ok
15:01:54.0475 2172 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:01:54.0490 2172 msisadrv - ok
15:01:54.0537 2172 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:01:54.0599 2172 MSiSCSI - ok
15:01:54.0599 2172 msiserver - ok
15:01:54.0631 2172 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:01:54.0693 2172 MSKSSRV - ok
15:01:54.0724 2172 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:01:54.0755 2172 MSPCLOCK - ok
15:01:54.0771 2172 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:01:54.0849 2172 MSPQM - ok
15:01:54.0896 2172 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:01:54.0911 2172 MsRPC - ok
15:01:54.0943 2172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:01:54.0958 2172 mssmbios - ok
15:01:54.0989 2172 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:01:55.0052 2172 MSTEE - ok
15:01:55.0083 2172 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:01:55.0114 2172 MTConfig - ok
15:01:55.0145 2172 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:01:55.0161 2172 Mup - ok
15:01:55.0192 2172 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:01:55.0208 2172 mwlPSDFilter - ok
15:01:55.0223 2172 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:01:55.0239 2172 mwlPSDNServ - ok
15:01:55.0255 2172 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:01:55.0270 2172 mwlPSDVDisk - ok
15:01:55.0348 2172 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
15:01:55.0364 2172 MWLService - ok
15:01:55.0411 2172 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:01:55.0489 2172 napagent - ok
15:01:55.0535 2172 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:01:55.0582 2172 NativeWifiP - ok
15:01:55.0645 2172 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:01:55.0660 2172 NDIS - ok
15:01:55.0707 2172 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:01:55.0738 2172 NdisCap - ok
15:01:55.0769 2172 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:01:55.0832 2172 NdisTapi - ok
15:01:55.0879 2172 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:01:55.0925 2172 Ndisuio - ok
15:01:55.0972 2172 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:01:56.0003 2172 NdisWan - ok
15:01:56.0050 2172 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:01:56.0097 2172 NDProxy - ok
15:01:56.0128 2172 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:01:56.0206 2172 NetBIOS - ok
15:01:56.0253 2172 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:01:56.0331 2172 NetBT - ok
15:01:56.0362 2172 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:01:56.0378 2172 Netlogon - ok
15:01:56.0425 2172 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:01:56.0471 2172 Netman - ok
15:01:56.0518 2172 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:01:56.0565 2172 netprofm - ok
15:01:56.0643 2172 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:01:56.0643 2172 NetTcpPortSharing - ok
15:01:56.0674 2172 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:01:56.0690 2172 nfrd960 - ok
15:01:56.0799 2172 NitroReaderDriverReadSpool2 (12d44fd546e32a4201cf3daaf5298ac2) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
15:01:56.0815 2172 NitroReaderDriverReadSpool2 - ok
15:01:56.0877 2172 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:01:56.0939 2172 NlaSvc - ok
15:01:57.0205 2172 NOBU (f5f03fabef7df53a1c78ee6cd8e7ae41) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:01:57.0283 2172 NOBU - ok
15:01:57.0376 2172 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:01:57.0423 2172 Npfs - ok
15:01:57.0454 2172 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:01:57.0485 2172 nsi - ok
15:01:57.0501 2172 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:01:57.0563 2172 nsiproxy - ok
15:01:57.0641 2172 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:01:57.0688 2172 Ntfs - ok
15:01:57.0782 2172 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:01:57.0782 2172 NTI IScheduleSvc - ok
15:01:57.0875 2172 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
15:01:57.0891 2172 NTIDrvr - ok
15:01:57.0891 2172 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:01:57.0969 2172 Null - ok
15:01:58.0484 2172 nvlddmkm (5c3416c9f61809bbdffe6fac0c252520) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:01:58.0858 2172 nvlddmkm - ok
15:01:58.0983 2172 nvpciflt (10ea8a8bb2978c510f5892fcce62b00d) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:01:58.0999 2172 nvpciflt - ok
15:01:59.0045 2172 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:01:59.0061 2172 nvraid - ok
15:01:59.0077 2172 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:01:59.0092 2172 nvstor - ok
15:01:59.0139 2172 nvsvc (d9617ef20708dcee76828865122b560f) C:\Windows\system32\nvvsvc.exe
15:01:59.0155 2172 nvsvc - ok
15:01:59.0279 2172 nvUpdatusService (2848e9b51c7a5d3efad44de9834c1d74) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:01:59.0326 2172 nvUpdatusService - ok
15:01:59.0420 2172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:01:59.0435 2172 nv_agp - ok
15:01:59.0451 2172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:01:59.0482 2172 ohci1394 - ok
15:01:59.0560 2172 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:01:59.0560 2172 ose - ok
15:01:59.0857 2172 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:01:59.0935 2172 osppsvc - ok
15:02:00.0028 2172 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:02:00.0137 2172 p2pimsvc - ok
15:02:00.0184 2172 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:02:00.0200 2172 p2psvc - ok
15:02:00.0262 2172 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:02:00.0340 2172 Parport - ok
15:02:00.0403 2172 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:02:00.0418 2172 partmgr - ok
15:02:00.0481 2172 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:02:00.0559 2172 PcaSvc - ok
15:02:00.0621 2172 pccsmcfd (81b5e63131090879ad6ef9f32109b88d) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:02:00.0637 2172 pccsmcfd - ok
15:02:00.0668 2172 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:02:00.0683 2172 pci - ok
15:02:00.0699 2172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:02:00.0715 2172 pciide - ok
15:02:00.0777 2172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:00.0793 2172 pcmcia - ok
15:02:00.0808 2172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:02:00.0824 2172 pcw - ok
15:02:00.0902 2172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:02:00.0964 2172 PEAUTH - ok
15:02:01.0011 2172 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:02:01.0042 2172 PerfHost - ok
15:02:01.0136 2172 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:02:01.0214 2172 pla - ok
15:02:01.0276 2172 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:02:01.0339 2172 PlugPlay - ok
15:02:01.0370 2172 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:02:01.0385 2172 PNRPAutoReg - ok
15:02:01.0417 2172 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:02:01.0432 2172 PNRPsvc - ok
15:02:01.0495 2172 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:02:01.0557 2172 PolicyAgent - ok
15:02:01.0588 2172 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:02:01.0635 2172 Power - ok
15:02:01.0697 2172 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:02:01.0744 2172 PptpMiniport - ok
15:02:01.0775 2172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:02:01.0807 2172 Processor - ok
15:02:01.0853 2172 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:02:01.0931 2172 ProfSvc - ok
15:02:01.0963 2172 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:01.0978 2172 ProtectedStorage - ok
15:02:02.0025 2172 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:02:02.0087 2172 Psched - ok
15:02:02.0165 2172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:02:02.0212 2172 ql2300 - ok
15:02:02.0306 2172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:02.0321 2172 ql40xx - ok
15:02:02.0353 2172 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:02:02.0368 2172 QWAVE - ok
15:02:02.0384 2172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:02:02.0415 2172 QWAVEdrv - ok
15:02:02.0540 2172 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
15:02:02.0540 2172 RapiMgr - ok
15:02:02.0571 2172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:02:02.0633 2172 RasAcd - ok
15:02:02.0665 2172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:02.0711 2172 RasAgileVpn - ok
15:02:02.0727 2172 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:02:02.0774 2172 RasAuto - ok
15:02:02.0805 2172 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:02.0867 2172 Rasl2tp - ok
15:02:02.0914 2172 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:02:02.0977 2172 RasMan - ok
15:02:03.0023 2172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:03.0070 2172 RasPppoe - ok
15:02:03.0086 2172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:02:03.0148 2172 RasSstp - ok
15:02:03.0195 2172 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:02:03.0226 2172 rdbss - ok
15:02:03.0242 2172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:03.0257 2172 rdpbus - ok
15:02:03.0273 2172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:03.0335 2172 RDPCDD - ok
15:02:03.0367 2172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:02:03.0413 2172 RDPENCDD - ok
15:02:03.0445 2172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:02:03.0491 2172 RDPREFMP - ok
15:02:03.0523 2172 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:02:03.0585 2172 RDPWD - ok
15:02:03.0663 2172 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:02:03.0679 2172 rdyboost - ok
15:02:03.0710 2172 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:02:03.0757 2172 RemoteAccess - ok
15:02:03.0819 2172 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:02:03.0881 2172 RemoteRegistry - ok
15:02:03.0913 2172 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:02:03.0991 2172 RpcEptMapper - ok
15:02:04.0022 2172 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:02:04.0037 2172 RpcLocator - ok
15:02:04.0100 2172 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:02:04.0147 2172 RpcSs - ok
15:02:04.0162 2172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:02:04.0225 2172 rspndr - ok
15:02:04.0271 2172 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
15:02:04.0287 2172 RSUSBSTOR - ok
15:02:04.0334 2172 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:04.0334 2172 SamSs - ok
15:02:04.0381 2172 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:02:04.0396 2172 sbp2port - ok
15:02:04.0552 2172 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:02:04.0583 2172 SBSDWSCService - ok
15:02:04.0599 2172 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:02:04.0646 2172 SCardSvr - ok
15:02:04.0693 2172 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:02:04.0755 2172 scfilter - ok
15:02:04.0833 2172 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:02:04.0895 2172 Schedule - ok
15:02:04.0927 2172 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:02:04.0973 2172 SCPolicySvc - ok
15:02:04.0989 2172 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:02:05.0020 2172 SDRSVC - ok
15:02:05.0083 2172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:02:05.0145 2172 secdrv - ok
15:02:05.0176 2172 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:02:05.0223 2172 seclogon - ok
15:02:05.0254 2172 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:02:05.0317 2172 SENS - ok
15:02:05.0332 2172 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:02:05.0395 2172 SensrSvc - ok
15:02:05.0410 2172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:02:05.0441 2172 Serenum - ok
15:02:05.0488 2172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:02:05.0504 2172 Serial - ok
15:02:05.0535 2172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:02:05.0566 2172 sermouse - ok
15:02:05.0707 2172 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:02:05.0738 2172 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:02:05.0738 2172 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:02:05.0785 2172 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:02:05.0831 2172 SessionEnv - ok
15:02:05.0909 2172 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
15:02:05.0925 2172 sesvc ( UnsignedFile.Multi.Generic ) - warning
15:02:05.0925 2172 sesvc - detected UnsignedFile.Multi.Generic (1)
15:02:05.0972 2172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:02:06.0034 2172 sffdisk - ok
15:02:06.0034 2172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:02:06.0065 2172 sffp_mmc - ok
15:02:06.0097 2172 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:02:06.0128 2172 sffp_sd - ok
15:02:06.0159 2172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:02:06.0175 2172 sfloppy - ok
15:02:06.0237 2172 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:02:06.0253 2172 Sftfs - ok
15:02:06.0331 2172 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:02:06.0362 2172 sftlist - ok
15:02:06.0393 2172 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:02:06.0393 2172 Sftplay - ok
15:02:06.0424 2172 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:02:06.0424 2172 Sftredir - ok
15:02:06.0455 2172 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:02:06.0471 2172 Sftvol - ok
15:02:06.0518 2172 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:02:06.0533 2172 sftvsa - ok
15:02:06.0580 2172 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:02:06.0643 2172 SharedAccess - ok
15:02:06.0689 2172 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:02:06.0767 2172 ShellHWDetection - ok
15:02:06.0814 2172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:02:06.0814 2172 SiSRaid2 - ok
15:02:06.0830 2172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:02:06.0845 2172 SiSRaid4 - ok
15:02:06.0877 2172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:02:06.0923 2172 Smb - ok
15:02:06.0970 2172 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:02:07.0001 2172 SNMPTRAP - ok
15:02:07.0033 2172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:02:07.0033 2172 spldr - ok
15:02:07.0111 2172 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:02:07.0142 2172 Spooler - ok
15:02:07.0298 2172 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:02:07.0423 2172 sppsvc - ok
15:02:07.0516 2172 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:02:07.0563 2172 sppuinotify - ok
15:02:07.0625 2172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:02:07.0688 2172 srv - ok
15:02:07.0735 2172 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:02:07.0766 2172 srv2 - ok
15:02:07.0813 2172 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:02:07.0828 2172 srvnet - ok
15:02:07.0859 2172 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:02:07.0922 2172 SSDPSRV - ok
15:02:07.0953 2172 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:02:08.0000 2172 SstpSvc - ok
15:02:08.0078 2172 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
15:02:08.0093 2172 ss_bbus - ok
15:02:08.0171 2172 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
15:02:08.0187 2172 ss_bmdfl - ok
15:02:08.0218 2172 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
15:02:08.0234 2172 ss_bmdm - ok
15:02:08.0265 2172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:02:08.0281 2172 stexstor - ok
15:02:08.0327 2172 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:02:08.0374 2172 stisvc - ok
15:02:08.0405 2172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:02:08.0421 2172 swenum - ok
15:02:08.0468 2172 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:02:08.0515 2172 swprv - ok
15:02:08.0608 2172 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:02:08.0671 2172 SysMain - ok
15:02:08.0827 2172 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:02:08.0889 2172 TabletInputService - ok
15:02:08.0936 2172 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:02:08.0998 2172 TapiSrv - ok
15:02:09.0014 2172 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:02:09.0076 2172 TBS - ok
15:02:09.0217 2172 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:02:09.0263 2172 Tcpip - ok
15:02:09.0451 2172 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:02:09.0497 2172 TCPIP6 - ok
15:02:09.0591 2172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:02:09.0653 2172 tcpipreg - ok
15:02:09.0685 2172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:02:09.0731 2172 TDPIPE - ok
15:02:09.0747 2172 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:02:09.0778 2172 TDTCP - ok
15:02:09.0825 2172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:02:09.0872 2172 tdx - ok
15:02:09.0903 2172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:02:09.0919 2172 TermDD - ok
15:02:09.0950 2172 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:02:10.0028 2172 TermService - ok
15:02:10.0059 2172 TFsExDisk - ok
15:02:10.0075 2172 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:02:10.0090 2172 Themes - ok
15:02:10.0121 2172 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:02:10.0168 2172 THREADORDER - ok
15:02:10.0184 2172 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:02:10.0231 2172 TrkWks - ok
15:02:10.0309 2172 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:02:10.0355 2172 TrustedInstaller - ok
15:02:10.0402 2172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:02:10.0449 2172 tssecsrv - ok
15:02:10.0511 2172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:02:10.0527 2172 TsUsbFlt - ok
15:02:10.0589 2172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:02:10.0652 2172 tunnel - ok
15:02:10.0683 2172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:02:10.0683 2172 uagp35 - ok
15:02:10.0714 2172 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
15:02:10.0730 2172 UBHelper - ok
15:02:10.0777 2172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:02:10.0839 2172 udfs - ok
15:02:10.0870 2172 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:02:10.0917 2172 UI0Detect - ok
15:02:10.0948 2172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:02:10.0964 2172 uliagpkx - ok
15:02:10.0995 2172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:02:11.0042 2172 umbus - ok
15:02:11.0073 2172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:02:11.0104 2172 UmPass - ok
15:02:11.0276 2172 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:02:11.0323 2172 UNS - ok
15:02:11.0385 2172 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:02:11.0401 2172 Updater Service - ok
15:02:11.0494 2172 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:02:11.0557 2172 upnphost - ok
15:02:11.0603 2172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:02:11.0666 2172 usbccgp - ok
15:02:11.0681 2172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:02:11.0728 2172 usbcir - ok
15:02:11.0744 2172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:02:11.0775 2172 usbehci - ok
15:02:11.0837 2172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:02:11.0869 2172 usbhub - ok
15:02:11.0900 2172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:02:11.0947 2172 usbohci - ok
15:02:11.0978 2172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:02:12.0009 2172 usbprint - ok
15:02:12.0056 2172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:02:12.0118 2172 USBSTOR - ok
15:02:12.0134 2172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:02:12.0165 2172 usbuhci - ok
15:02:12.0227 2172 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:02:12.0259 2172 usbvideo - ok
15:02:12.0290 2172 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:02:12.0352 2172 UxSms - ok
15:02:12.0383 2172 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:12.0399 2172 VaultSvc - ok
15:02:12.0415 2172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:02:12.0430 2172 vdrvroot - ok
15:02:12.0493 2172 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:02:12.0555 2172 vds - ok
15:02:12.0586 2172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:02:12.0617 2172 vga - ok
15:02:12.0633 2172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:02:12.0680 2172 VgaSave - ok
15:02:12.0711 2172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:02:12.0727 2172 vhdmp - ok
15:02:12.0742 2172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:02:12.0758 2172 viaide - ok
15:02:12.0789 2172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:02:12.0789 2172 volmgr - ok
15:02:12.0851 2172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:02:12.0867 2172 volmgrx - ok
15:02:12.0914 2172 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:02:12.0929 2172 volsnap - ok
15:02:12.0976 2172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:02:12.0992 2172 vsmraid - ok
15:02:13.0070 2172 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:02:13.0148 2172 VSS - ok
15:02:13.0241 2172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:02:13.0288 2172 vwifibus - ok
15:02:13.0304 2172 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:02:13.0335 2172 vwififlt - ok
15:02:13.0366 2172 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:02:13.0397 2172 vwifimp - ok
15:02:13.0444 2172 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:02:13.0491 2172 W32Time - ok
15:02:13.0522 2172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:02:13.0585 2172 WacomPen - ok
15:02:13.0631 2172 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:02:13.0678 2172 WANARP - ok
15:02:13.0678 2172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:02:13.0725 2172 Wanarpv6 - ok
15:02:13.0943 2172 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:02:13.0975 2172 WatAdminSvc - ok
15:02:14.0068 2172 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:02:14.0131 2172 wbengine - ok
15:02:14.0209 2172 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:02:14.0255 2172 WbioSrvc - ok
15:02:14.0380 2172 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
15:02:14.0396 2172 WcesComm - ok
15:02:14.0458 2172 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:02:14.0505 2172 wcncsvc - ok
15:02:14.0536 2172 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:02:14.0583 2172 WcsPlugInService - ok
15:02:14.0630 2172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:02:14.0645 2172 Wd - ok
15:02:14.0677 2172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:02:14.0708 2172 Wdf01000 - ok
15:02:14.0723 2172 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:02:14.0817 2172 WdiServiceHost - ok
15:02:14.0817 2172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:02:14.0848 2172 WdiSystemHost - ok
15:02:14.0895 2172 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:02:14.0926 2172 WebClient - ok
15:02:14.0957 2172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:02:15.0020 2172 Wecsvc - ok
15:02:15.0035 2172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:02:15.0098 2172 wercplsupport - ok
15:02:15.0129 2172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:02:15.0191 2172 WerSvc - ok
15:02:15.0254 2172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:02:15.0285 2172 WfpLwf - ok
15:02:15.0301 2172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:02:15.0316 2172 WIMMount - ok
15:02:15.0363 2172 WinDefend - ok
15:02:15.0363 2172 WinHttpAutoProxySvc - ok
15:02:15.0425 2172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:02:15.0472 2172 Winmgmt - ok
15:02:15.0597 2172 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:02:15.0691 2172 WinRM - ok
15:02:15.0831 2172 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:02:15.0847 2172 WinUsb - ok
15:02:15.0925 2172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:02:15.0940 2172 Wlansvc - ok
15:02:15.0987 2172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:02:15.0987 2172 WmiAcpi - ok
15:02:16.0049 2172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:02:16.0081 2172 wmiApSrv - ok
15:02:16.0143 2172 WMPNetworkSvc - ok
15:02:16.0174 2172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:02:16.0190 2172 WPCSvc - ok
15:02:16.0237 2172 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:02:16.0252 2172 WPDBusEnum - ok
15:02:16.0283 2172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:02:16.0330 2172 ws2ifsl - ok
15:02:16.0346 2172 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:02:16.0361 2172 wscsvc - ok
15:02:16.0361 2172 WSearch - ok
15:02:16.0502 2172 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:02:16.0564 2172 wuauserv - ok
15:02:16.0673 2172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:02:16.0736 2172 WudfPf - ok
15:02:16.0798 2172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:02:16.0829 2172 WUDFRd - ok
15:02:16.0876 2172 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:02:16.0907 2172 wudfsvc - ok
15:02:16.0939 2172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:02:17.0017 2172 WwanSvc - ok
15:02:17.0063 2172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:02:17.0485 2172 \Device\Harddisk0\DR0 - ok
15:02:17.0485 2172 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1
15:02:27.0219 2172 \Device\Harddisk1\DR1 - ok
15:02:27.0219 2172 Boot (0x1200) (d11a3c0d755b08870c6636a38d27480c) \Device\Harddisk0\DR0\Partition0
15:02:27.0219 2172 \Device\Harddisk0\DR0\Partition0 - ok
15:02:27.0235 2172 Boot (0x1200) (d5595b2c1d606b6bfbec330ae1844bef) \Device\Harddisk0\DR0\Partition1
15:02:27.0235 2172 \Device\Harddisk0\DR0\Partition1 - ok
15:02:27.0250 2172 Boot (0x1200) (3788bffe46a880db33de5065e49ec0f3) \Device\Harddisk1\DR1\Partition0
15:02:27.0250 2172 \Device\Harddisk1\DR1\Partition0 - ok
15:02:27.0250 2172 ============================================================
15:02:27.0250 2172 Scan finished
15:02:27.0250 2172 ============================================================
15:02:27.0266 3784 Detected object count: 2
15:02:27.0266 3784 Actual detected object count: 2
15:02:45.0924 3784 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:45.0924 3784 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:45.0924 3784 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:45.0924 3784 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Thomas |
|
19.06.2012, 21:35
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2012, 15:27
| #9 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, anbei das Log von Combofix - habe leider zu voreilig das Programm von einem USB Stick gestartet - hoffe, dass es keine Beeinträchtigung mit sich gezogen hat :/ Code:
ATTFilter ComboFix 12-06-20.01 - Christian 20.06.2012 16:09:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.2374 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120620160421.109999
c:\programdata\boost_interprocess\20120620160421.109999\Nobu64AgentService
c:\programdata\boost_interprocess\20120620160421.109999\Nobu64TrayIcon
c:\programdata\FullRemove.exe
c:\users\Christian\1043.MST
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-20 bis 2012-06-20 ))))))))))))))))))))))))))))))
.
.
2012-06-18 14:02 . 2012-06-18 14:02 -------- d-----w- C:\_OTL
2012-06-16 11:51 . 2012-06-16 11:51 -------- d-----w- c:\program files (x86)\Snapshot
2012-06-16 09:12 . 2012-06-16 09:12 -------- d-----w- c:\users\Christian\AppData\Roaming\www.shadowexplorer.com
2012-06-16 09:12 . 2012-06-16 09:12 -------- d-----w- c:\program files (x86)\ShadowExplorer
2012-06-15 14:27 . 2012-06-15 14:27 -------- d-----w- c:\program files (x86)\ESET
2012-06-14 16:40 . 2012-06-14 16:40 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes
2012-06-14 16:39 . 2012-06-14 16:39 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 16:39 . 2012-06-14 16:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 16:39 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 16:39 . 2012-06-18 14:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-14 16:39 . 2012-06-14 16:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-12 14:54 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED6FBDC8-40CE-4BF0-B23C-E7579D679CB1}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 14:15 . 2012-01-17 21:44 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 14:15 . 2012-01-17 21:44 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-23 16:01 . 2011-12-25 21:10 24064 ----a-w- c:\windows\SysWow64\FsExService64.Exe
2012-04-23 16:01 . 2011-12-25 21:10 16392 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys
2012-04-23 16:00 . 2007-10-25 16:26 5632 ----a-w- c:\windows\SysWow64\drivers\StarOpen.sys
2012-04-22 19:59 . 2012-04-22 19:59 3686400 ----a-w- c:\users\Christian\Samsung New PC Studio USB Driver Installer.msi
2012-03-31 06:05 . 2012-05-09 22:37 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 22:37 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 22:37 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 22:37 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 22:37 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 20:11 . 2012-04-23 21:48 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-28 20:11 . 2012-04-23 21:47 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [2012-4-17 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-02-08 343032]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-27 1620584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:23]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:23]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:31]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant =
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-20 16:23:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-20 14:23
.
Vor Suchlauf: 10 Verzeichnis(se), 352.231.174.144 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 351.733.059.584 Bytes frei
.
- - End Of File - - D9867B3C5AB41E8EDDD675D48FB58EFD
Thomas |
|
20.06.2012, 15:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2012, 19:09
| #11 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, GMER funktionierte irgendwie nicht Anbei OSAM + aswMBR logs OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:34:34 on 20.06.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Google Inc. Google Chrome 19.0.1084.56 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job" - "Facebook Inc." - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job" - "Facebook Inc." - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "bdfsfltr" (bdfsfltr) - "BitDefender" - C:\Windows\System32\DRIVERS\bdfsfltr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NTIDrvr" (NTIDrvr) - "NTI Corporation" - C:\Windows\system32\drivers\NTIDrvr.sys "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "TFsExDisk" (TFsExDisk) - ? - C:\Windows\System32\Drivers\TFsExDisk.sys (File not found) "UBHelper" (UBHelper) - "NTI Corporation" - C:\Windows\system32\drivers\UBHelper.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found | COM-object registry key not found) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Facebook Messenger.lnk" - "Facebook" - C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Shortcut exists | File exists) "ZooskMessenger.lnk" - ? - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll "Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Application Updater" (Application Updater) - ? - "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" (File not found) "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe "BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe "NitroPDFReaderDriverCreatorReadSpool2" (NitroReaderDriverReadSpool2) - "Nitro PDF Software" - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe "Norton Online Backup" (NOBU) - "Symantec Corporation" - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe "NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe "ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files (x86)\ShadowExplorer\sesvc.exe "Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 19:36:35
-----------------------------
19:36:35.764 OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:35.764 Number of processors: 4 586 0x2505
19:36:35.780 ComputerName: CHRISTIAN-PC UserName: Christian
19:36:37.683 Initialize success
19:36:58.156 AVAST engine defs: 12062001
19:37:15.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:37:15.628 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
19:37:15.644 Disk 0 MBR read successfully
19:37:15.660 Disk 0 MBR scan
19:37:15.660 Disk 0 Windows 7 default MBR code
19:37:15.675 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
19:37:15.691 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
19:37:15.691 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
19:37:15.722 Disk 0 scanning C:\Windows\system32\drivers
19:37:26.704 Service scanning
19:37:55.783 Modules scanning
19:37:55.798 Disk 0 trace - called modules:
19:37:55.830 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:37:55.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80070e6060]
19:37:55.845 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800510d050]
19:37:57.764 AVAST engine scan C:\Windows
19:38:02.210 AVAST engine scan C:\Windows\system32
19:40:50.800 AVAST engine scan C:\Windows\system32\drivers
19:41:03.904 AVAST engine scan C:\Users\Christian
20:02:29.673 AVAST engine scan C:\ProgramData
20:05:01.992 Scan finished successfully
20:06:47.199 Disk 0 MBR has been saved successfully to "F:\Neuer Ordner\MBR.dat"
20:06:47.230 The log file has been saved successfully to "F:\Neuer Ordner\aswMBR.txt"
|
|
21.06.2012, 10:10
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 18:31
| #13 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, anbei die Logs von Malwarebytes und SASW - SASW hat 931 Teile gefunden - aber größtenteils nur tracking Cookies - die kann ich mit dem Tool doch direkt löschen oder? (Habe noch nix unternommen und das Tool noch offen gelassen) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.21.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Christian :: CHRISTIAN-PC [Administrator] Schutz: Deaktiviert 21.06.2012 16:09:37 mbam-log-2012-06-21 (16-09-37).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 403525 Laufzeit: 45 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/21/2012 at 07:22 PM
Application Version : 5.1.1002
Core Rules Database Version : 8772
Trace Rules Database Version: 6584
Scan type : Complete Scan
Total Scan Time : 02:12:11
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 693
Memory threats detected : 0
Registry items scanned : 69689
Registry threats detected : 0
File items scanned : 178405
File threats detected : 931
Adware.Tracking Cookie
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@cts.metricsdirect[2].txt [ /cts.metricsdirect ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@cts.zroitracker[2].txt [ /cts.zroitracker ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@msnportal.112.2o7[2].txt [ /msnportal.112.2o7 ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@www.windowsmedia[2].txt [ /www.windowsmedia ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\PI02B2VN.txt [ /fastclick.net ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\0ULAVK72.txt [ /track.adform.net ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\KOGMOH16.txt [ /smartadserver.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\IZ4KIDMD.txt [ /ad.zanox.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9416XNUM.txt [ /microsoftwllivemkt.112.2o7.net ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\UI2O16CP.txt [ /zanox.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\FYHGO4CA.txt [ /mediaplex.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\GSMBR3VZ.txt [ /ad1.adfarm1.adition.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9UA8BKLE.txt [ /tracking.quisma.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\XNYPNJ9U.txt [ /apmebf.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\KZH75YX2.txt [ /www.zanox-affiliate.de ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9YCB9K68.txt [ /www.adxpansion.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YCJ8ZGWI.txt [ /adxpansion.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\82EP05NU.txt [ /adfarm1.adition.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\Y8N0ZQ8S.txt [ /doubleclick.net ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\ETN01ZG6.txt [ /atdmt.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\EQCP9RTR.txt [ /bs.serving-sys.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\6OMGF33P.txt [ /serving-sys.com ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\2PS4PTYR.txt [ /adform.net ]
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YPWRW072.txt [ /zanox-affiliate.de ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZ9FEVNK.txt [ Cookie:christian@hightraffic.hugoboss.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BD3IUD22.txt [ Cookie:christian@fastclick.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7U9LU7JF.txt [ Cookie:christian@track.adform.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJKO0U7O.txt [ Cookie:christian@tradedoubler.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TN697KMX.txt [ Cookie:christian@specificclick.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BV85XJ3.txt [ Cookie:christian@pornfish.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OI9CNXIT.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1018081631/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZ15HZKB.txt [ Cookie:christian@eas4.emediate.eu/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2A4O7K2G.txt [ Cookie:christian@questionmarket.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W28QZVCG.txt [ Cookie:christian@ad.zanox.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0YF6I6M.txt [ Cookie:christian@clkads.com/adServe/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@de.sitestat[1].txt [ Cookie:christian@de.sitestat.com/is24/is24/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZ9S91QH.txt [ Cookie:christian@msnportal.112.2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@adultmatchfirm[2].txt [ Cookie:christian@adultmatchfirm.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QAPES0RD.txt [ Cookie:christian@zanox.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T3FQGBJK.txt [ Cookie:christian@fl01.ct2.comclick.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@www.trendstats[2].txt [ Cookie:christian@www.trendstats.nl/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LC5APZK8.txt [ Cookie:christian@ads.247activemedia.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4NUI6JJ7.txt [ Cookie:christian@yadro.ru/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P6KR89AP.txt [ Cookie:christian@ad1.adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWIQLVPN.txt [ Cookie:christian@exoclick.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QOGLXWWQ.txt [ Cookie:christian@traffictrack.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IROD8M99.txt [ Cookie:christian@leylines.solution.weborama.fr/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@partypoker[2].txt [ Cookie:christian@partypoker.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZQ65VQP.txt [ Cookie:christian@tracking.quisma.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AKO0QZCR.txt [ Cookie:christian@de.pornhub.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3FDQ0CDG.txt [ Cookie:christian@hitbox.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IY99ZHNN.txt [ Cookie:christian@clkads.com/adServe/banners ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B00G8MSD.txt [ Cookie:christian@clkads.com/adServe/static/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@dealtime[1].txt [ Cookie:christian@dealtime.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NN623ANL.txt [ Cookie:christian@my.brandwire.tv/Brandwire/deliverAd/flashBannerXml/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9H4BVXST.txt [ Cookie:christian@ads.ventivmedia.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LU2TJPSY.txt [ Cookie:christian@adtech.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\78DIY6SF.txt [ Cookie:christian@adsrv1.admediate.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PPAVJ9D.txt [ Cookie:christian@media6degrees.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCCYSA0I.txt [ Cookie:christian@vodafonegroup.122.2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\88OKWHCR.txt [ Cookie:christian@imrworldwide.com/cgi-bin ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\N5LMNO04.txt [ Cookie:christian@www.etracker.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWY0CVCW.txt [ Cookie:christian@www.pornhubgold.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\94W3PC9H.txt [ Cookie:christian@ad3.adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8N1HGBUJ.txt [ Cookie:christian@h.atdmt.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DLXW0UTY.txt [ Cookie:christian@adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9LE0X7DG.txt [ Cookie:christian@ero-advertising.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SU9KE5L6.txt [ Cookie:christian@adultfriendfinder.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MBBOK7T.txt [ Cookie:christian@doubleclick.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@ads.zeusclicks[1].txt [ Cookie:christian@ads.zeusclicks.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@stat.dealtime[1].txt [ Cookie:christian@stat.dealtime.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETRLO18Q.txt [ Cookie:christian@unitymedia.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DBZPJKIZ.txt [ Cookie:christian@stats.bmw.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0UO6QB0.txt [ Cookie:christian@pornhubgold.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXJ8FYQY.txt [ Cookie:christian@eyewonder.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWFSR65R.txt [ Cookie:christian@statse.webtrendslive.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WD8QINBE.txt [ Cookie:christian@2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@da-tracking[2].txt [ Cookie:christian@da-tracking.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5IPZXTNS.txt [ Cookie:christian@adform.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9RYCAH9G.txt [ Cookie:christian@youporn.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1NR6OG6.txt [ Cookie:christian@accounts.google.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QKD95X92.txt [ Cookie:christian@counter.sexsuche.tv/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U56BTNFB.txt [ Cookie:christian@de.sitestat.com/hamburg/hamburg/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XW946E8P.txt [ Cookie:christian@atdmt.combing.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z53H2XDR.txt [ Cookie:christian@track.effiliation.com/servlet/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\668HSEIW.txt [ Cookie:christian@adxpose.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UVT3P9W9.txt [ Cookie:christian@zedo.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PT94EJJ6.txt [ Cookie:christian@pornbanana.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJ0R0E1A.txt [ Cookie:christian@revsci.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VG8P1BT2.txt [ Cookie:christian@trafficholder.com/cgi-bin/traffic/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PYANH2Y.txt [ Cookie:christian@de.sitestat.com/laola1/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY8W1XPM.txt [ Cookie:christian@ihg.db.advertising.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YLW5IQ2B.txt [ Cookie:christian@sunporno.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\00YSCQ7M.txt [ Cookie:christian@sex-area.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BHHEESB.txt [ Cookie:christian@markussexblog.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QDDVNVV.txt [ Cookie:christian@advertising.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VPFKXV2F.txt [ Cookie:christian@www.sunporno.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIO14EC5.txt [ Cookie:christian@ehg-gaddispartners.hitbox.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8OXR0IP.txt [ Cookie:christian@invitemedia.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\06TF4ZMF.txt [ Cookie:christian@eas.apm.emediate.eu/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Y8KKNH1.txt [ Cookie:christian@www.freeporn.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWAZHAB5.txt [ Cookie:christian@openx.sexsearchcom.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DGN64E6.txt [ Cookie:christian@www.1malemedia.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEKVE1A1.txt [ Cookie:christian@www.office-discount.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WINM6IEN.txt [ Cookie:christian@sexkiste.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8047SJNV.txt [ Cookie:christian@ads.crakmedia.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMSBIGIP.txt [ Cookie:christian@insightexpressai.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1UF6X56L.txt [ Cookie:christian@xxx-freeporn.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Z3ENHMM.txt [ Cookie:christian@overture.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ED1EOMRL.txt [ Cookie:christian@orgasms.xxx/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1BZ56LC.txt [ Cookie:christian@de.sitestat.com/sueddeutscher/stuttgarter-nachrichten/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6VB85YQ.txt [ Cookie:christian@www.office-discount.de/webapp/wcs/stores/servlet/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P17NHX0O.txt [ Cookie:christian@vagosex.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DGOUXKZ.txt [ Cookie:christian@www.adxpansion.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y9492324.txt [ Cookie:christian@adserver.anschlusstor.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\52YRGBIH.txt [ Cookie:christian@www.sexarena.tv/ultimate/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3Y2WN4N.txt [ Cookie:christian@www.vagosex.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@adserver2.exgfnetwork[1].txt [ Cookie:christian@adserver2.exgfnetwork.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJVRQA83.txt [ Cookie:christian@clicksor.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GK62BC5.txt [ Cookie:christian@ad4.adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZOBO4IJS.txt [ Cookie:christian@ads2.zeusclicks.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WY5NBZK8.txt [ Cookie:christian@amateur-porno-tgp.com/st/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z8R0YR5U.txt [ Cookie:christian@pornhublive.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PAWAW6JZ.txt [ Cookie:christian@amateur-porno-tgp.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KI5N7GCV.txt [ Cookie:christian@adxpansion.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJ8MVW54.txt [ Cookie:christian@pornrabbit.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VT1GFFIQ.txt [ Cookie:christian@ad.adserver01.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQ161INY.txt [ Cookie:christian@de.sitestat.com/titus/de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6IGHOS67.txt [ Cookie:christian@de.sitestat.com/hamburg/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VXK5BAHH.txt [ Cookie:christian@gonzoxxxmovies.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@track.effiliation[1].txt [ Cookie:christian@track.effiliation.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4J5O89G0.txt [ Cookie:christian@atdmt.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IN08RXT7.txt [ Cookie:christian@bs.serving-sys.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWGD8SG2.txt [ Cookie:christian@tracker.pegsanalytics.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3C7H03P.txt [ Cookie:christian@de.sitestat.com/laola1/hsv-de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CITQAX1M.txt [ Cookie:christian@deutschepostag.112.2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FXWZ33EC.txt [ Cookie:christian@adserver02.profiwerber.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BARZ4AAI.txt [ Cookie:christian@zanox-affiliate.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2D67TT40.txt [ Cookie:christian@content.yieldmanager.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E6CKJWLG.txt [ Cookie:christian@freeporn.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDXQKKH8.txt [ Cookie:christian@mediacorp.112.2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZI9012M7.txt [ Cookie:christian@guj.122.2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6018D06F.txt [ Cookie:christian@google.de/intl/de/ads/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S0O3FQDJ.txt [ Cookie:christian@in.getclicky.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UOQWX1Q3.txt [ Cookie:christian@server.adform.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\REF3B0VF.txt [ Cookie:christian@userporn.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZHKY1R4.txt [ Cookie:christian@amazon-adsystem.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2BWCWQS.txt [ Cookie:christian@toplist.eu/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XBV65VW.txt [ Cookie:christian@rts.pgmediaserve.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IMETRC1H.txt [ Cookie:christian@ad1.dyntracker.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NH2NIO2E.txt [ Cookie:christian@tribalfusion.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4G5WFL16.txt [ Cookie:christian@a.revenuemax.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OMMLQ2L7.txt [ Cookie:christian@xm.xtendmedia.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GVJVAZI.txt [ Cookie:christian@girlsteachsex.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1R0R5N1R.txt [ Cookie:christian@clickbank.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\83GI44ET.txt [ Cookie:christian@yieldmanager.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9QC4EE90.txt [ Cookie:christian@ru4.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MD5ETWZA.txt [ Cookie:christian@vesseltracker.abendblatt.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ULC6SERD.txt [ Cookie:christian@www.adultrevads.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9R1JIVI1.txt [ Cookie:christian@www.pornbanana.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJA12WNY.txt [ Cookie:christian@tracking.hrs.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCLNDFYQ.txt [ Cookie:christian@media.gan-online.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\83KVOIST.txt [ Cookie:christian@kontera.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EO0SNASQ.txt [ Cookie:christian@dyntracker.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FY5ECRUD.txt [ Cookie:christian@tracking.oe24.at// ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\22A891NH.txt [ Cookie:christian@counters.gigya.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4RLL7INK.txt [ Cookie:christian@de.sitestat.com/laola1/laola1-tv/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TD3Z41M.txt [ Cookie:christian@tracking.mlsat02.de/tmobile/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNXST0Q1.txt [ Cookie:christian@myroitracking.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XHA4EYZL.txt [ Cookie:christian@adx.chip.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0TVN5ZV4.txt [ Cookie:christian@banner.holidaycheck.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JS6S90O.txt [ Cookie:christian@ads.quartermedia.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JE8RZSLR.txt [ Cookie:christian@advertising.fussball-liveticker.eu/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UL5XWGYR.txt [ Cookie:christian@ads2.bartime.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUH669AG.txt [ Cookie:christian@free.socialsexnetwork.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W1UCT9G9.txt [ Cookie:christian@de.sitestat.com/is24-community/is24-community/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JH24U7FA.txt [ Cookie:christian@cbs.112.2o7.net/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6XV21O51.txt [ Cookie:christian@legolas-media.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0DHR19W.txt [ Cookie:christian@pornhub.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMATP4TL.txt [ Cookie:christian@ad2.adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\33FQDQRW.txt [ Cookie:christian@c.atdmt.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C91BRQ9A.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1069159172/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F26XJWU1.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1058396328/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZPCF9IY9.txt [ Cookie:christian@vesseltracker.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S8X25DA8.txt [ Cookie:christian@ad.yieldmanager.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DD2TPYAO.txt [ Cookie:christian@www.clickygo.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KR63KLKW.txt [ Cookie:christian@euros4click.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NCH6B8MJ.txt [ Cookie:christian@fr.sitestat.com/eurosport/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E4E0O6E3.txt [ Cookie:christian@www.rungisexpress.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\766CNK2S.txt [ Cookie:christian@www.burstnet.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\R9CWOJMP.txt [ Cookie:christian@delivery.atkmedia.de/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5BOI0HV.txt [ Cookie:christian@toplist.cz/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8GWIEG2M.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1047508216/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CUHJX3U8.txt [ Cookie:christian@mediaservices-d.openxenterprise.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IY5IDGZ4.txt [ Cookie:christian@trackfox2.com/ ]
C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U3FH7374.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1041485753/ ]
C:\USERS\CHRISTIAN\Cookies\PI02B2VN.txt [ Cookie:christian@fastclick.net/ ]
C:\USERS\CHRISTIAN\Cookies\0ULAVK72.txt [ Cookie:christian@track.adform.net/ ]
C:\USERS\CHRISTIAN\Cookies\IZ4KIDMD.txt [ Cookie:christian@ad.zanox.com/ ]
C:\USERS\CHRISTIAN\Cookies\christian@msnportal.112.2o7[2].txt [ Cookie:christian@msnportal.112.2o7.net/ ]
C:\USERS\CHRISTIAN\Cookies\UI2O16CP.txt [ Cookie:christian@zanox.com/ ]
C:\USERS\CHRISTIAN\Cookies\GSMBR3VZ.txt [ Cookie:christian@ad1.adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\Cookies\9UA8BKLE.txt [ Cookie:christian@tracking.quisma.com/ ]
C:\USERS\CHRISTIAN\Cookies\9YCB9K68.txt [ Cookie:christian@www.adxpansion.com/ ]
C:\USERS\CHRISTIAN\Cookies\christian@cts.metricsdirect[2].txt [ Cookie:christian@cts.metricsdirect.com/ ]
C:\USERS\CHRISTIAN\Cookies\YCJ8ZGWI.txt [ Cookie:christian@adxpansion.com/ ]
C:\USERS\CHRISTIAN\Cookies\82EP05NU.txt [ Cookie:christian@adfarm1.adition.com/ ]
C:\USERS\CHRISTIAN\Cookies\Y8N0ZQ8S.txt [ Cookie:christian@doubleclick.net/ ]
C:\USERS\CHRISTIAN\Cookies\ETN01ZG6.txt [ Cookie:christian@atdmt.com/ ]
C:\USERS\CHRISTIAN\Cookies\EQCP9RTR.txt [ Cookie:christian@bs.serving-sys.com/ ]
C:\USERS\CHRISTIAN\Cookies\2PS4PTYR.txt [ Cookie:christian@adform.net/ ]
C:\USERS\CHRISTIAN\Cookies\YPWRW072.txt [ Cookie:christian@zanox-affiliate.de/ ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftwllivemkt.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a.revenuemax.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertstream.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnportal.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.guj.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.enoratraffic.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gostats.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
7.rotator.wigetmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bwincom.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tto2.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.3gnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.klicktel.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.foodporndaily.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.foodporndaily.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.ventivmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adnetwork.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.easydate.biz [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.ed.cupidplc.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
secure.img-cdn.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ww1.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.alphateenies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.alphateenies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trackingindahouse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.77tracking.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sexad.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.3gnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver1.mokono.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xm.xtendmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wdk4wgc5wco.stats.esomniture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stepstone.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.warnerbros.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.emediate.dk [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.emediate.dk [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media.gan-online.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpansion.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.activetraffic.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.activetraffic.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.ardmediathek.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
studivz.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
studivz.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.mindshare.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.skydeutschland.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.sim-technik.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.quartermedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.netdebit-counter.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myroitracking.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gostats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
7.rotator.wigetmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.dyntracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad4.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
banners.victor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.banners.victor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
partners.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ww251.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@LIVEPERSON[3].TXT [ /LIVEPERSON ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@XITI[1].TXT [ /XITI ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WEBORAMA[2].TXT [ /WEBORAMA ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WWW.ADULT-MATCHFIRM[1].TXT [ /WWW.ADULT-MATCHFIRM ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@ADS.GLISPA[2].TXT [ /ADS.GLISPA ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WWW.PIXELTRACK66[2].TXT [ /WWW.PIXELTRACK66 ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@LIVEPERSON[1].TXT [ /LIVEPERSON ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@SERVER.IAD.LIVEPERSON[2].TXT [ /SERVER.IAD.LIVEPERSON ]
C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@TRACKING.3GNET[1].TXT [ /TRACKING.3GNET ]
.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.vagosex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ads.crakmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sevenoneintermedia.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
track.advolution.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.free-porn.at.pn [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
adserver.itsfogo.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.gfuck.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.freetube8porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.gostats.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.porno-hub.at [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.porno-hub.at [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornocino.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.longporntube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.mofosex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.lusthaus2.bannerdealer.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornerbros.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.de.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.de.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.profilbanner.me [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.usenext.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.usenext.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.snapfish.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.moviepilot.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
mediapartner.bigpoint.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.blog.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.free-sexfilms.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.free-sexfilms.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.diesexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
count.multirella.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.fuckshow.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.elitepornos.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.microsoftwllivemkt.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.pornlongvideos.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.porntube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.gfuck.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.freeadulttube.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tracking.gameforge.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
pornhubhd.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhubhd.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.crazyhomesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adultadworld.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.trackmatics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.thomascookag.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.independent.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornrabbit.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.facebookofsex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhubgold.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhitz.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
counters.gigya.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
stats.o2crew.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
stats.o2crew.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.elitepartner.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.elitepartner.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.elitemedianet.d3.sc.omtrdc.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornrabbit.videosz.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.cuntstube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.naiadsystems.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pumpmyteenass.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.freesexdump.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.dafuckbook.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.dafuckbook.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.freeporn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sexgoesmobile.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.vodafonegroup.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.stepstone.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.hausfrauensex69.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.sexseiten.cc [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.ipad-sex.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.sexseiten.cc [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornhome.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sexkontakt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sexgeizkragen.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.sexgeizkragen.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.sexkontakte.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.sexcounter.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.hansesex.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.viewablemedia.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.track.gridlockparadise.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
www.adultrevads.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sexybundestag.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
static.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.www.tracktec.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
adserver2.exgfnetwork.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.heussmedia.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ads.ventivmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
adserv.chirurgie-portal.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.mediaran.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tags.trackinganalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tags.trackinganalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.microsoftwlsearchcrm.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
count.asnetworks.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.enoratraffic.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.pornrabbit.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.track.gridlockparadise.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
labelfinder.vogue.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.www.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.www.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad.piximedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.bauermedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.bauermedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
leads.383media.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
leads.383media.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.calumetphoto.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
|
|
21.06.2012, 19:35
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.06.2012, 12:57
| #15 |
| | Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo Arne, danke für den Tipp und natürlich ein großes Dankeschön für deine super Hilfe!!! Das System läuft jetzt wieder super, wie es soll - lediglich die Dateien sind durch die Verschlüsselung unbrauchbar (die die ich jetzt getestet habe) Ich nehme an, dass der folgende Link aktuell ist und es darüber hinaus keine Möglichkeiten gibt die Dateien wieder her zu stellen? http://www.trojaner-board.de/114783-...ubersicht.html Ansonsten muss ich mich, bzw. in dem FAlle mein Bekannter, gedulden, bis es dafür eine Lösung gibt (wer kein Backup macht ist wohl selber schuld  )Des Weiteren habe ich meinem Bekannten mal gebeten mir die Zip wie gewünscht in eml Format zur Verfügung zu stellen, damit ich Euch die Daten übersenden kann! Viele Grüße Thomas |
|
| Themen zu Verschlüsselungs Trojaner - Rechnung von Pearlfection.de |
| administrator, adware.clickpotato, adware.hotbar, adware.hotbar.cp, adware.questbrowse, adware.seekmo, adware.shopperreports, anlage, autostart, babylon toolbar, babylontoolbar, bingbar, candy, canon, dateien, dateisystem, e-mail, explorer, heuristiks/extra, heuristiks/shuriken, install.exe, launch, limited.com/facebook, locker, löschen, malware.trace, microsoft office starter 2010, mozilla, mywinlocker, nvpciflt.sys, opencandy, pdfforge toolbar, plug-in, programm, richtlinie, safer networking, searchscopes, security scan, shopperreports, smartbar, spotify web helper, temp, trojan.agent, update, usb 2.0, user agent, version=1.0, virus, wichtige daten, win32/toolbar.babylon |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
