| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.07.2012, 13:03
| #1 |
| |  Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hallo liebes Forum, ich bin Thomas aus Hamburg und neu hier. Auf der Suche nach einer Lösung für mein Problem bin ich hier gelandet und würde mich freuen, wenn ich hier Hilfe bekomme. Ich bin kein völliger Laie und traue mir die meisten Sachen mit Anleitung auch zu, allerdings bin ich manchmal etwas schusselig oder vergesse, alles zu lesen. Jetzt zu meinem Problem: Ich hatte mir auf meinem Laptop den GVU-Trojaner eingefangen. Beseitigen konnte ich ihn mit Kaspersky Malwarebytes Anti Malware. Geblieben ist danach die Meldung "Problem beim Starten von C:\Users\***\AppData\Local\Temp\roper0dun.exe Das angegebene Modul wurde nicht gefunden". Um diese zu beseitigen, habe ich weiter gegoogelt und bin hier im Trojaner-Board auf eine Anleitung gestoßen für jemanden, der das gleiche Problem hatte (OTL). Achtung: Da ich wieder einmal nicht alles bis zum Ende gelesen hatte, ist mir der Hinweis, dass es sich bei den benutzerdefinierten Scans um spezielle Scans nur für den Rechner des Betroffenen handelte, erst zu spät aufgefallen. Ich habe OTL dann abgebrochen und seitdem bin ich im Internet nur noch eingeschränkt unterwegs. Die meisten Links, wie z.B. bei ebay ein weiteres Bild eines Artikels öffnen, funktionieren nicht. Jetzt habe ich alle Schritte aus dem Thread "Für alle Hilfesuchenden" durchgeführt und hänge die entsprechenden Files an diesen Thread. Ich hoffe, dass mir hier geholfen werden kann. Dafür schon einmal vielen Dank im Voraus. Gruß Thomas Anhang 37980 |
|
16.07.2012, 13:20
| #2 |
  | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi,
__________________Fix für OTL:
 Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [Doabysk] "C:\Users\Thomas Hitscher\AppData\Roaming\Inedan\oxbay.exe" File not found
[2012/07/03 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Pemaa
[2012/07/03 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Inedan
[2012/07/03 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Cait
:Commands
[emptytemp]
[Reboot]
Scan mit SystemLook Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop. 32Bit 64Bit
Code:
ATTFilter
:regfind
roper0dun.exe
roperOdun.exe
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert. AdwareCleaner (AdwCleaner) Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! Poste die Logfiles in Code-Tags Download über AdwCleaner by Xplode zum Desktop.  Starte AdwCleaner und klicke Search Nach einiger zeit öffnet ein Logfile (C:\AdwCleaner[xx].txt) poste dessen Inhalt hier ins Forum. TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein:  Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten... chris chris
__________________ |
|
16.07.2012, 15:29
| #3 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hallo,
__________________man, das ging ja schnell! Super, vielen Dank erst einmal für die Antwort und die Hilfe. Habe alles so gemacht, wie in Deiner Anleitung beschrieben. Hier ist der OTL-Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/16/2012 12:19:29 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Thomas Hitscher\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.87 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 64.05% Memory free 5.73 Gb Paging File | 4.25 Gb Available in Paging File | 74.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424.66 Gb Total Space | 325.11 Gb Free Space | 76.56% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.44 Gb Free Space | 53.60% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Thomas Hitscher | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/16 12:16:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Hitscher\Desktop\OTL.exe PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/06/06 11:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012/05/13 18:22:24 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Thomas Hitscher\AppData\Local\Apps\2.0\KNDLZK0X.BYT\N68NNXGB.RQC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2012/05/08 20:54:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/08 20:54:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/08 20:54:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/08 20:54:37 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/05/03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/05/03 14:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/04/30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe PRC - [2012/04/30 21:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2012/04/04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Systemprogramme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/03/19 13:38:46 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe PRC - [2012/03/19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/03/19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/08/05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/08/03 16:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMLSvc.exe PRC - [2010/06/17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- c:\Programme\Systemprogramme\RealVNC\VNC4\winvnc4.exe PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/06/14 07:14:58 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll MOD - [2012/06/14 07:14:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012/06/14 07:14:28 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012/06/14 07:14:27 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\37aa8a6e1a69671c23eb916417629682\System.Deployment.ni.dll MOD - [2012/06/14 07:14:02 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll MOD - [2012/05/13 18:22:14 | 000,368,640 | ---- | M] () -- C:\Users\Thomas Hitscher\AppData\Local\Apps\2.0\KNDLZK0X.BYT\N68NNXGB.RQC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2012/05/10 19:49:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012/05/10 19:48:24 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012/05/10 19:48:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/10 19:48:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/10 19:48:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/10 19:47:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/01/08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\Systemprogramme\FileZilla FTP Client\fzshellext.dll MOD - [2010/08/03 16:39:38 | 000,619,816 | ---- | M] () -- C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMediaLibrary.dll MOD - [2010/08/03 16:39:32 | 000,013,096 | ---- | M] () -- C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMLSvcPS.dll MOD - [2010/05/18 08:49:42 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/05/18 08:49:26 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/12 11:02:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Kommunikation\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/08 20:54:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/08 20:54:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/04/30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2012/03/19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011/08/05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011/08/05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011/06/14 19:08:01 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc) SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- c:\Programme\Systemprogramme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4) SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012/05/13 18:22:15 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2012/05/08 20:54:37 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 20:54:37 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/04/20 13:53:00 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2012/01/09 18:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/01/09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2012/01/09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011/12/15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/12/08 06:22:30 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2011/12/08 06:22:30 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2011/12/08 06:22:30 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2011/10/25 04:52:12 | 000,188,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CxPlrCap.sys -- (CXPLRCAP) DRV - [2011/05/07 17:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/413 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6CEA06E7-F76C-4F26-9972-3F56352A4548}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/" FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Musikprogramme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Thomas Hitscher\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas Hitscher\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas Hitscher\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/05/23 18:42:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Systemprogramme\Mozilla Firefox\components [2012/06/17 10:43:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Systemprogramme\Mozilla Firefox\plugins [2012/04/13 23:43:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Systemprogramme\Mozilla Firefox\components [2012/06/17 10:43:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Systemprogramme\Mozilla Firefox\plugins [2012/04/13 23:43:18 | 000,000,000 | ---D | M] [2012/07/03 20:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Extensions [2012/07/03 20:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions [2012/07/03 20:31:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012/03/30 07:26:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/05/10 21:31:25 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions\ffxtlbr@zonealarm.com [2012/07/03 20:31:40 | 000,002,515 | ---- | M] () -- C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\searchplugins\Search_Results.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WIA6EB~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Systemprogramme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Thomas Hitscher\AppData\Local\Apps\2.0\KNDLZK0X.BYT\N68NNXGB.RQC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [Doabysk] "C:\Users\Thomas Hitscher\AppData\Roaming\Inedan\oxbay.exe" File not found O4 - HKCU..\Run: [EA Core] "C:\Programme\Spiele\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [KiesHelper] C:\Programme\Systemprogramme\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Systemprogramme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~3\\EBAY\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll) - C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{14265378-2cbb-11e1-bc01-1c4bd6e5c276}\Shell - "" = AutoRun O33 - MountPoints2\{14265378-2cbb-11e1-bc01-1c4bd6e5c276}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{532bdd56-8c52-11e1-b28d-1c4bd6e5c276}\Shell - "" = AutoRun O33 - MountPoints2\{532bdd56-8c52-11e1-b28d-1c4bd6e5c276}\Shell\AutoRun\command - "" = H:\DPFMate.exe O33 - MountPoints2\{84e68873-7ce1-11e1-b1fe-1c4bd6e5c276}\Shell - "" = AutoRun O33 - MountPoints2\{84e68873-7ce1-11e1-b1fe-1c4bd6e5c276}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/16 12:16:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas Hitscher\Desktop\OTL.exe [2012/07/16 10:22:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012/07/15 12:19:09 | 000,000,000 | ---D | C] -- C:\_OTL [2012/07/12 13:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FreieTonne [2012/07/10 21:49:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012/07/06 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Malwarebytes [2012/07/06 12:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/06 12:40:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/06 12:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/06 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/06 11:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/07/03 21:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2012/07/03 21:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player [2012/07/03 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\Documents\Any Audio Converter [2012/07/03 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\AnvSoft [2012/07/03 21:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012/07/03 21:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2012/07/03 20:31:44 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2012/07/03 20:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2012/07/03 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\FreeFLVConverter [2012/07/03 20:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2012/07/03 20:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar [2012/07/03 12:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2012/07/03 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Pemaa [2012/07/03 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Inedan [2012/07/03 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Cait [2012/07/03 11:59:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/06/25 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Local\Macromedia [2012/06/22 20:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012/06/16 21:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZAR [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/16 12:16:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Hitscher\Desktop\OTL.exe [2012/07/16 12:15:56 | 000,000,000 | ---- | M] () -- C:\Users\Thomas Hitscher\defogger_reenable [2012/07/16 12:14:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/16 12:14:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/16 11:32:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1486169328-2368988707-4284464166-1000UA.job [2012/07/16 10:23:05 | 000,050,477 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\Defogger.exe [2012/07/16 10:22:21 | 000,070,552 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012/07/16 10:15:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/16 10:15:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/16 10:07:34 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2012/07/14 20:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1486169328-2368988707-4284464166-1000Core.job [2012/07/13 20:35:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/12 16:21:45 | 000,458,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/12 14:39:31 | 000,001,733 | ---- | M] () -- C:\Users\Public\Desktop\FreieTonne-USB.lnk [2012/07/12 14:08:27 | 1204,512,215 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\ft-install-files.zip [2012/07/11 10:14:30 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/07/11 10:14:30 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/07/11 10:14:30 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/07/11 10:14:30 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/07/03 21:14:40 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk [2012/07/03 21:07:41 | 000,001,187 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\Any Audio Converter.lnk [2012/07/03 20:31:45 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk [2012/07/03 20:31:45 | 000,001,083 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\Free FLV Converter.lnk [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/03 12:15:18 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2012/07/03 12:01:54 | 000,001,897 | ---- | M] () -- C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/16 12:15:56 | 000,000,000 | ---- | C] () -- C:\Users\Thomas Hitscher\defogger_reenable [2012/07/16 10:23:04 | 000,050,477 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\Defogger.exe [2012/07/16 10:22:04 | 000,070,552 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012/07/12 14:39:31 | 000,001,733 | ---- | C] () -- C:\Users\Public\Desktop\FreieTonne-USB.lnk [2012/07/12 13:28:59 | 1204,512,215 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\ft-install-files.zip [2012/07/06 12:40:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/03 21:14:40 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2012/07/03 21:07:41 | 000,001,187 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\Any Audio Converter.lnk [2012/07/03 20:31:45 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk [2012/07/03 20:31:45 | 000,001,083 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\Free FLV Converter.lnk [2012/07/03 20:31:43 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2012/07/03 20:31:43 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2012/07/03 20:31:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2012/07/03 12:01:54 | 000,001,897 | ---- | C] () -- C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/05/10 21:25:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2012/04/13 23:44:49 | 000,000,875 | ---- | C] () -- C:\Users\Thomas Hitscher\.DChannelDecoder.opt [2012/04/13 23:34:19 | 000,315,444 | ---- | C] () -- C:\Windows\System32\isdnapi32.dll [2012/04/13 23:34:19 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AuerCapiJNINative.dll [2012/04/13 23:34:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\AuerUsbJNINative.dll [2012/02/05 11:33:18 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012/01/31 18:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/11/09 20:52:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/11/09 20:37:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011/06/16 18:38:11 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll [2011/01/02 11:32:53 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010/12/19 17:54:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/12/18 22:48:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010/12/18 22:48:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010/12/18 22:02:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== LOP Check ========== [2012/07/03 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\AnvSoft [2010/12/18 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Ashampoo [2012/07/03 12:42:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Cait [2012/05/10 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\CheckPoint [2012/02/24 19:35:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Command and Conquer 4 [2012/01/28 22:19:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\DAEMON Tools Lite [2012/05/21 21:57:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\FileZilla [2012/07/15 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\FreeFLVConverter [2011/12/14 20:52:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\go [2011/01/28 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\GoPal Assistant [2012/07/10 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Inedan [2012/07/03 12:01:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Pemaa [2012/04/21 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Samsung [2012/03/10 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\TeamViewer [2012/04/21 20:21:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Temp [2011/11/02 22:45:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas Hitscher\AppData\Roaming\Total Immersion [2012/07/15 11:57:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Als nächstes der Systemlook-Log: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 15:58 on 16/07/2012 by Thomas Hitscher
Administrator - Elevation successful
========== regfind ==========
Searching for "roper0dun.exe"
No data found.
Searching for "roper0dun.exe"
No data found.
-= EOF =-
Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:02:11
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Thomas Hitscher - LAPTOP
# Running from : C:\Users\Thomas Hitscher\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Thomas Hitscher\AppData\LocalLow\Conduit
Folder Found : C:\Users\Thomas Hitscher\AppData\LocalLow\searchquband
Folder Found : C:\Users\Thomas Hitscher\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\Conduit
Folder Found : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\ConduitCommon
Folder Found : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\Searchqutoolbar
Folder Found : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Windows Searchqu Toolbar
Folder Found : C:\Program Files\ZoneAlarm-Sicherheit
File Found : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\searchplugins\Search_Results.xml
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\Software
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413
-\\ Mozilla Firefox v4.0 (de)
Profile name : default
File : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\prefs.js
Found : user_pref("CT2613550..clientLogIsEnabled", false);
Found : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2613550.CTID", "ct2613550");
Found : user_pref("CT2613550.CurrentServerDate", "10-5-2012");
Found : user_pref("CT2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.DialogsGetterLastCheckTime", "Tue May 08 2012 20:55:02 GMT+0200");
Found : user_pref("CT2613550.DownloadReferralCookieData", "");
Found : user_pref("CT2613550.EMailNotifierCheckInterval", "5");
Found : user_pref("CT2613550.EMailNotifierLabelLength", 6);
Found : user_pref("CT2613550.EMailNotifierPollDate", "Thu May 10 2012 21:23:30 GMT+0200");
Found : user_pref("CT2613550.EMailNotifierSound", "C:\\Windows\\Media\\Garden\\Windows Default.wav");
Found : user_pref("CT2613550.FeedPollDate129254982599602533", "Fri Mar 25 2011 15:54:41 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602539", "Fri Mar 25 2011 15:54:41 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602545", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602551", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602557", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602563", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602569", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602575", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602581", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602587", "Fri Mar 25 2011 15:54:42 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602593", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602599", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602605", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602611", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602617", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602623", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602629", "Fri Mar 25 2011 15:54:43 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate7861255190875796966", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255191286404846", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255191690696803", "Wed Jul 13 2011 21:25:08 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255191830767423", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255192204641884", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255192330261614", "Wed Jul 13 2011 21:25:07 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255192609293799", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255192844976705", "Wed Jul 13 2011 21:25:07 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193025486845", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193127848905", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193189289837", "Wed Jul 13 2011 21:25:08 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193256322449", "Wed Jul 13 2011 21:25:07 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193310202497", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193760634970", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255193813312257", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255194862513855", "Wed Jul 13 2011 21:25:07 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate7861255194875474195", "Wed Jul 13 2011 21:25:10 GMT+0200");
Found : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Found : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Found : user_pref("CT2613550.FeedTTL7861255190875796966", 5);
Found : user_pref("CT2613550.FeedTTL7861255191286404846", 2);
Found : user_pref("CT2613550.FeedTTL7861255191830767423", 30);
Found : user_pref("CT2613550.FeedTTL7861255192609293799", 30);
Found : user_pref("CT2613550.FeedTTL7861255192844976705", 5);
Found : user_pref("CT2613550.FeedTTL7861255193256322449", 5);
Found : user_pref("CT2613550.FeedTTL7861255193310202497", 2);
Found : user_pref("CT2613550.FirstServerDate", "19-12-2010");
Found : user_pref("CT2613550.FirstTime", true);
Found : user_pref("CT2613550.FirstTimeFF3", true);
Found : user_pref("CT2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.FixPageNotFoundErrors", true);
Found : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2613550.HasUserGlobalKeys", true);
Found : user_pref("CT2613550.Initialize", true);
Found : user_pref("CT2613550.InitializeCommonPrefs", true);
Found : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Found : user_pref("CT2613550.InstalledDate", "Sat Dec 18 2010 22:24:33 GMT+0100");
Found : user_pref("CT2613550.IsAlertDBUpdated", true);
Found : user_pref("CT2613550.IsGrouping", false);
Found : user_pref("CT2613550.IsMulticommunity", false);
Found : user_pref("CT2613550.IsOpenThankYouPage", false);
Found : user_pref("CT2613550.IsOpenUninstallPage", true);
Found : user_pref("CT2613550.LanguagePackLastCheckTime", "Sat Dec 18 2010 22:24:45 GMT+0100");
Found : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2613550.LastLogin_2.7.1.3", "Fri Mar 25 2011 15:54:41 GMT+0100");
Found : user_pref("CT2613550.LastLogin_3.10.0.1", "Wed Apr 18 2012 16:07:39 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.12.0.7", "Wed Apr 25 2012 18:05:19 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.12.2.3", "Thu May 10 2012 19:49:59 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.3.3.2", "Sun Jul 24 2011 13:33:58 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.5.0.12", "Wed Aug 24 2011 16:59:04 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.6.0.10", "Wed Oct 05 2011 17:59:55 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.7.0.6", "Wed Nov 09 2011 16:49:00 GMT+0100");
Found : user_pref("CT2613550.LastLogin_3.8.0.8", "Wed Dec 07 2011 21:01:58 GMT+0100");
Found : user_pref("CT2613550.LastLogin_3.8.1.0", "Mon Jan 16 2012 20:29:08 GMT+0100");
Found : user_pref("CT2613550.LastLogin_3.9.0.3", "Thu Mar 08 2012 19:31:16 GMT+0100");
Found : user_pref("CT2613550.LatestVersion", "3.12.2.3");
Found : user_pref("CT2613550.Locale", "de-de");
Found : user_pref("CT2613550.LoginCache", 4);
Found : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Found : user_pref("CT2613550.MCDetectTooltipShow", false);
Found : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Found : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2613550.RadioIsPodcast", false);
Found : user_pref("CT2613550.RadioMediaID", "8577");
Found : user_pref("CT2613550.RadioMediaType", "Media Player");
Found : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT2613550_RECENT8577");
Found : user_pref("CT2613550.RadioShrinked", "expanded");
Found : user_pref("CT2613550.RadioStationName", "Rock%20n%20Pop%20106!8%20");
Found : user_pref("CT2613550.RadioStationURL", "hxxp://62.75.132.19:80");
Found : user_pref("CT2613550.RadioVolume", "60");
Found : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Found : user_pref("CT2613550.SearchInNewTabEnabled", true);
Found : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2613550.ServiceMapLastCheckTime", "Thu May 10 2012 21:24:58 GMT+0200");
Found : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.SettingsLastCheckTime", "Sat Dec 18 2010 22:24:32 GMT+0100");
Found : user_pref("CT2613550.SettingsLastUpdate", "1291812328");
Found : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sat Dec 18 2010 22:24:31 GMT+0100");
Found : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Found : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2613550.UserID", "UN91529305457378263");
Found : user_pref("CT2613550.ValidationData_Search", 1);
Found : user_pref("CT2613550.ValidationData_Toolbar", 2);
Found : user_pref("CT2613550.WeatherNetwork", "");
Found : user_pref("CT2613550.WeatherPollDate", "Thu May 10 2012 21:08:21 GMT+0200");
Found : user_pref("CT2613550.WeatherUnit", "C");
Found : user_pref("CT2613550.alertChannelId", "1006347");
Found : user_pref("CT2613550.backendstorage.facebook_mode", "32");
Found : user_pref("CT2613550.backendstorage.facebook_user_locale", "6465");
Found : user_pref("CT2613550.clientLogIsEnabled", false);
Found : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2613550.components.1000082", true);
Found : user_pref("CT2613550.components.1000234", true);
Found : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Tue May 08 2012 20:55:18 GMT+0200");
Found : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 832);
Found : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Found : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200");
Found : user_pref("CT2613550.ct2613550.Locale", "de-de");
Found : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200");
Found : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Found : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Found : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200");
Found : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Thu May 10 2012 19:49:57 GMT+0200");
Found : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sat Apr 21 2012 15:26:05 GMT+0200");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.ct2613550.components.1001", true);
Found : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sun May 06 2012 20:53:19 GMT+0200[...]
Found : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200"[...]
Found : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Fri Apr 27 2012 22:04:21 GMT+0200"[...]
Found : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2613550.initDone", true);
Found : user_pref("CT2613550.isAppTrackingManagerOn", true);
Found : user_pref("CT2613550.myStuffEnabled", true);
Found : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Found : user_pref("CT2613550.revertSettingsEnabled", true);
Found : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Found : user_pref("CT2613550.testingCtid", "");
Found : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2613550.usagesFlag", 2);
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2613550");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Thomas Hitscher\\AppData\\Roaming\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 31 2011 18:37:26 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 24 2011 13:33:57 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "1e028694-4e39-4c6e-be79-da6962228966");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 16 2012 19:40:58 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "2d9e71fe-5413-4df8-9d98-e5033559c882");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 08 2012 20:55:0[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 10 2012 21:08:19 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "18432776-40e8-40d5-8c3e-8fe41a6ca0ac");
Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");
*************************
AdwCleaner[R1].txt - [27455 octets] - [16/07/2012 16:02:11]
########## EOF - C:\AdwCleaner[R1].txt - [27584 octets] ##########
Code:
ATTFilter 16:05:13.0887 3176 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
16:05:14.0137 3176 ============================================================
16:05:14.0137 3176 Current date / time: 2012/07/16 16:05:14.0137
16:05:14.0137 3176 SystemInfo:
16:05:14.0137 3176
16:05:14.0137 3176 OS Version: 6.1.7600 ServicePack: 0.0
16:05:14.0137 3176 Product type: Workstation
16:05:14.0137 3176 ComputerName: LAPTOP
16:05:14.0137 3176 UserName: Thomas Hitscher
16:05:14.0137 3176 Windows directory: C:\Windows
16:05:14.0137 3176 System windows directory: C:\Windows
16:05:14.0137 3176 Processor architecture: Intel x86
16:05:14.0137 3176 Number of processors: 4
16:05:14.0137 3176 Page size: 0x1000
16:05:14.0137 3176 Boot type: Normal boot
16:05:14.0137 3176 ============================================================
16:05:14.0620 3176 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:05:14.0636 3176 Drive \Device\Harddisk1\DR1 - Size: 0x7A00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:05:14.0636 3176 ============================================================
16:05:14.0636 3176 \Device\Harddisk0\DR0:
16:05:14.0636 3176 MBR partitions:
16:05:14.0636 3176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:05:14.0636 3176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
16:05:14.0636 3176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
16:05:14.0636 3176 \Device\Harddisk1\DR1:
16:05:14.0636 3176 MBR partitions:
16:05:14.0636 3176 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3CFDF
16:05:14.0636 3176 ============================================================
16:05:14.0667 3176 C: <-> \Device\Harddisk0\DR0\Partition1
16:05:14.0714 3176 D: <-> \Device\Harddisk0\DR0\Partition2
16:05:14.0714 3176 ============================================================
16:05:14.0714 3176 Initialize success
16:05:14.0714 3176 ============================================================
16:05:50.0095 7448 ============================================================
16:05:50.0095 7448 Scan started
16:05:50.0095 7448 Mode: Manual; SigCheck; TDLFS;
16:05:50.0095 7448 ============================================================
16:05:51.0157 7448 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:05:51.0297 7448 1394ohci - ok
16:05:51.0359 7448 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:05:51.0391 7448 ACPI - ok
16:05:51.0437 7448 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:05:51.0484 7448 AcpiPmi - ok
16:05:51.0609 7448 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:05:51.0640 7448 AdobeARMservice - ok
16:05:51.0734 7448 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:05:51.0765 7448 AdobeFlashPlayerUpdateSvc - ok
16:05:51.0859 7448 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:05:51.0905 7448 adp94xx - ok
16:05:52.0015 7448 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:05:52.0061 7448 adpahci - ok
16:05:52.0093 7448 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:05:52.0140 7448 adpu320 - ok
16:05:52.0156 7448 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:05:52.0203 7448 AeLookupSvc - ok
16:05:52.0281 7448 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:05:52.0359 7448 AFD - ok
16:05:52.0406 7448 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:05:52.0437 7448 agp440 - ok
16:05:52.0468 7448 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:05:52.0484 7448 aic78xx - ok
16:05:52.0546 7448 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:05:52.0593 7448 ALG - ok
16:05:52.0640 7448 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:05:52.0671 7448 aliide - ok
16:05:52.0718 7448 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:05:52.0733 7448 amdagp - ok
16:05:52.0749 7448 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:05:52.0764 7448 amdide - ok
16:05:52.0811 7448 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:05:52.0842 7448 AmdK8 - ok
16:05:52.0874 7448 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:05:52.0936 7448 AmdPPM - ok
16:05:52.0983 7448 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:05:53.0014 7448 amdsata - ok
16:05:53.0045 7448 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:05:53.0076 7448 amdsbs - ok
16:05:53.0092 7448 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:05:53.0108 7448 amdxata - ok
16:05:53.0217 7448 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:05:53.0248 7448 AntiVirSchedulerService - ok
16:05:53.0295 7448 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:05:53.0310 7448 AntiVirService - ok
16:05:53.0357 7448 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:05:53.0420 7448 AppID - ok
16:05:53.0466 7448 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:05:53.0544 7448 AppIDSvc - ok
16:05:53.0576 7448 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
16:05:53.0622 7448 Appinfo - ok
16:05:53.0685 7448 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:05:53.0716 7448 Apple Mobile Device - ok
16:05:53.0747 7448 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:05:53.0778 7448 arc - ok
16:05:53.0794 7448 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:05:53.0810 7448 arcsas - ok
16:05:53.0856 7448 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:05:53.0903 7448 AsyncMac - ok
16:05:53.0966 7448 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:05:53.0997 7448 atapi - ok
16:05:54.0075 7448 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:05:54.0137 7448 AudioEndpointBuilder - ok
16:05:54.0153 7448 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:05:54.0200 7448 Audiosrv - ok
16:05:54.0278 7448 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
16:05:54.0309 7448 avgntflt - ok
16:05:54.0356 7448 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
16:05:54.0371 7448 avipbb - ok
16:05:54.0402 7448 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:05:54.0434 7448 avkmgr - ok
16:05:54.0480 7448 avmaudio (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
16:05:54.0527 7448 avmaudio - ok
16:05:54.0574 7448 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
16:05:54.0636 7448 AxInstSV - ok
16:05:54.0730 7448 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:05:54.0808 7448 b06bdrv - ok
16:05:54.0870 7448 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:05:54.0964 7448 b57nd60x - ok
16:05:55.0104 7448 BBSvc (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:05:55.0136 7448 BBSvc - ok
16:05:55.0198 7448 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:05:55.0229 7448 BBUpdate - ok
16:05:55.0260 7448 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:05:55.0323 7448 BDESVC - ok
16:05:55.0354 7448 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:05:55.0401 7448 Beep - ok
16:05:55.0479 7448 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
16:05:55.0557 7448 BFE - ok
16:05:55.0635 7448 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
16:05:55.0728 7448 BITS - ok
16:05:55.0760 7448 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:05:55.0775 7448 blbdrive - ok
16:05:55.0900 7448 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:05:55.0931 7448 Bonjour Service - ok
16:05:55.0978 7448 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:05:56.0025 7448 bowser - ok
16:05:56.0056 7448 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:05:56.0103 7448 BrFiltLo - ok
16:05:56.0118 7448 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:05:56.0150 7448 BrFiltUp - ok
16:05:56.0196 7448 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
16:05:56.0259 7448 Browser - ok
16:05:56.0306 7448 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:05:56.0384 7448 Brserid - ok
16:05:56.0430 7448 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:05:56.0477 7448 BrSerWdm - ok
16:05:56.0524 7448 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:05:56.0571 7448 BrUsbMdm - ok
16:05:56.0586 7448 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:05:56.0649 7448 BrUsbSer - ok
16:05:56.0664 7448 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:05:56.0711 7448 BTHMODEM - ok
16:05:56.0774 7448 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:05:56.0836 7448 bthserv - ok
16:05:56.0883 7448 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:05:56.0930 7448 cdfs - ok
16:05:56.0976 7448 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:05:57.0023 7448 cdrom - ok
16:05:57.0054 7448 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:05:57.0117 7448 CertPropSvc - ok
16:05:57.0164 7448 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:05:57.0210 7448 circlass - ok
16:05:57.0273 7448 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:05:57.0320 7448 CLFS - ok
16:05:57.0398 7448 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:57.0429 7448 clr_optimization_v2.0.50727_32 - ok
16:05:57.0507 7448 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:05:57.0522 7448 clr_optimization_v4.0.30319_32 - ok
16:05:57.0554 7448 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:05:57.0600 7448 CmBatt - ok
16:05:57.0632 7448 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:05:57.0647 7448 cmdide - ok
16:05:57.0710 7448 CNG (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys
16:05:57.0741 7448 CNG - ok
16:05:57.0772 7448 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:05:57.0803 7448 Compbatt - ok
16:05:57.0850 7448 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:05:57.0897 7448 CompositeBus - ok
16:05:57.0928 7448 COMSysApp - ok
16:05:57.0959 7448 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:05:57.0975 7448 crcdisk - ok
16:05:58.0037 7448 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
16:05:58.0084 7448 CryptSvc - ok
16:05:58.0146 7448 CXPLRCAP (46dc77a5dc7ad463713c603c019541ba) C:\Windows\system32\drivers\CxPlrCap.sys
16:05:58.0209 7448 CXPLRCAP - ok
16:05:58.0287 7448 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:05:58.0349 7448 DcomLaunch - ok
16:05:58.0396 7448 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:05:58.0490 7448 defragsvc - ok
16:05:58.0536 7448 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
16:05:58.0599 7448 DfsC - ok
16:05:58.0677 7448 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
16:05:58.0739 7448 Dhcp - ok
16:05:58.0755 7448 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:05:58.0817 7448 discache - ok
16:05:58.0864 7448 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:05:58.0895 7448 Disk - ok
16:05:58.0926 7448 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
16:05:58.0973 7448 Dnscache - ok
16:05:59.0004 7448 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
16:05:59.0082 7448 dot3svc - ok
16:05:59.0114 7448 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
16:05:59.0176 7448 DPS - ok
16:05:59.0207 7448 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:05:59.0254 7448 drmkaud - ok
16:05:59.0332 7448 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:05:59.0394 7448 DXGKrnl - ok
16:05:59.0441 7448 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:05:59.0519 7448 EapHost - ok
16:05:59.0722 7448 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:05:59.0878 7448 ebdrv - ok
16:06:00.0018 7448 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
16:06:00.0081 7448 EFS - ok
16:06:00.0299 7448 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
16:06:00.0362 7448 ehRecvr - ok
16:06:00.0471 7448 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:06:00.0580 7448 ehSched - ok
16:06:00.0705 7448 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:06:00.0798 7448 elxstor - ok
16:06:00.0830 7448 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:06:00.0876 7448 ErrDev - ok
16:06:00.0923 7448 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:06:00.0986 7448 EventSystem - ok
16:06:01.0048 7448 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:06:01.0157 7448 exfat - ok
16:06:01.0266 7448 ezGOSvc (da7ed3a484a2a03fd8aec1b3a0db401c) C:\Windows\system32\ezGOSvc.dll
16:06:01.0282 7448 ezGOSvc - ok
16:06:01.0313 7448 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:06:01.0391 7448 fastfat - ok
16:06:01.0454 7448 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
16:06:01.0500 7448 Fax - ok
16:06:01.0547 7448 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:06:01.0594 7448 fdc - ok
16:06:01.0625 7448 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:06:01.0672 7448 fdPHost - ok
16:06:01.0703 7448 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:06:01.0766 7448 FDResPub - ok
16:06:01.0797 7448 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:06:01.0812 7448 FileInfo - ok
16:06:01.0828 7448 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:06:01.0890 7448 Filetrace - ok
16:06:01.0922 7448 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:06:01.0968 7448 flpydisk - ok
16:06:02.0015 7448 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:06:02.0046 7448 FltMgr - ok
16:06:02.0140 7448 FontCache (b6512a85815fdc3d560c3705f5bdb93d) C:\Windows\system32\FntCache.dll
16:06:02.0234 7448 FontCache - ok
16:06:02.0327 7448 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:06:02.0358 7448 FontCache3.0.0.0 - ok
16:06:02.0390 7448 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:06:02.0405 7448 FsDepends - ok
16:06:02.0483 7448 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
16:06:02.0499 7448 fssfltr - ok
16:06:02.0670 7448 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:06:02.0764 7448 fsssvc - ok
16:06:02.0904 7448 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
16:06:02.0936 7448 Fs_Rec - ok
16:06:02.0998 7448 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:06:03.0029 7448 fvevol - ok
16:06:03.0076 7448 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:06:03.0092 7448 gagp30kx - ok
16:06:03.0138 7448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:06:03.0170 7448 GEARAspiWDM - ok
16:06:03.0232 7448 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
16:06:03.0294 7448 gpsvc - ok
16:06:03.0326 7448 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:06:03.0372 7448 hcw85cir - ok
16:06:03.0435 7448 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:06:03.0497 7448 HdAudAddService - ok
16:06:03.0575 7448 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:06:03.0622 7448 HDAudBus - ok
16:06:03.0669 7448 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
16:06:03.0716 7448 HECI - ok
16:06:03.0747 7448 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:06:03.0778 7448 HidBatt - ok
16:06:03.0825 7448 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:06:03.0887 7448 HidBth - ok
16:06:03.0934 7448 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:06:03.0981 7448 HidIr - ok
16:06:04.0012 7448 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:06:04.0074 7448 hidserv - ok
16:06:04.0121 7448 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:06:04.0168 7448 HidUsb - ok
16:06:04.0199 7448 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
16:06:04.0246 7448 hkmsvc - ok
16:06:04.0293 7448 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
16:06:04.0324 7448 HomeGroupListener - ok
16:06:04.0386 7448 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
16:06:04.0433 7448 HomeGroupProvider - ok
16:06:04.0480 7448 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:06:04.0511 7448 HpSAMD - ok
16:06:04.0589 7448 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:06:04.0667 7448 HTTP - ok
16:06:04.0683 7448 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:06:04.0698 7448 hwpolicy - ok
16:06:04.0745 7448 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:06:04.0792 7448 i8042prt - ok
16:06:04.0870 7448 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
16:06:04.0917 7448 iaStor - ok
16:06:05.0010 7448 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:06:05.0026 7448 IAStorDataMgrSvc - ok
16:06:05.0104 7448 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
16:06:05.0135 7448 iaStorV - ok
16:06:05.0291 7448 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:06:05.0354 7448 idsvc - ok
16:06:05.0915 7448 igfx (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:06:06.0180 7448 igfx - ok
16:06:06.0336 7448 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:06:06.0368 7448 iirsp - ok
16:06:06.0461 7448 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
16:06:06.0539 7448 IKEEXT - ok
16:06:06.0617 7448 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
16:06:06.0664 7448 Impcd - ok
16:06:06.0882 7448 IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys
16:06:07.0023 7448 IntcAzAudAddService - ok
16:06:07.0194 7448 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:06:07.0272 7448 IntcDAud - ok
16:06:07.0304 7448 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:06:07.0335 7448 intelide - ok
16:06:07.0366 7448 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:06:07.0413 7448 intelppm - ok
16:06:07.0444 7448 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:06:07.0491 7448 IPBusEnum - ok
16:06:07.0522 7448 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:06:07.0584 7448 IpFilterDriver - ok
16:06:07.0647 7448 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
16:06:07.0725 7448 iphlpsvc - ok
16:06:07.0756 7448 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:06:07.0772 7448 IPMIDRV - ok
16:06:07.0818 7448 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:06:07.0865 7448 IPNAT - ok
16:06:07.0990 7448 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:06:08.0037 7448 iPod Service - ok
16:06:08.0052 7448 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:06:08.0115 7448 IRENUM - ok
16:06:08.0177 7448 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:06:08.0208 7448 isapnp - ok
16:06:08.0240 7448 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:06:08.0271 7448 iScsiPrt - ok
16:06:08.0333 7448 ISWKL (ee8bed092a58a4faeb08dc140729189e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:06:08.0364 7448 ISWKL - ok
16:06:08.0427 7448 IswSvc (aa7fd6a7532ef23fdcfc030195c148f9) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:06:08.0474 7448 IswSvc - ok
16:06:08.0520 7448 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:06:08.0536 7448 kbdclass - ok
16:06:08.0583 7448 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:06:08.0614 7448 kbdhid - ok
16:06:08.0661 7448 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:06:08.0692 7448 KeyIso - ok
16:06:08.0754 7448 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
16:06:08.0770 7448 KL1 - ok
16:06:08.0801 7448 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
16:06:08.0817 7448 kl2 - ok
16:06:08.0895 7448 KLIF (46fa00bef951762919b66269371c22af) C:\Windows\system32\DRIVERS\klif.sys
16:06:08.0942 7448 KLIF - ok
16:06:08.0973 7448 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys
16:06:08.0988 7448 KSecDD - ok
16:06:09.0035 7448 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys
16:06:09.0051 7448 KSecPkg - ok
16:06:09.0113 7448 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:06:09.0176 7448 KtmRm - ok
16:06:09.0222 7448 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
16:06:09.0238 7448 L1C - ok
16:06:09.0269 7448 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
16:06:09.0300 7448 LanmanServer - ok
16:06:09.0332 7448 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
16:06:09.0394 7448 LanmanWorkstation - ok
16:06:09.0456 7448 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:06:09.0534 7448 lltdio - ok
16:06:09.0597 7448 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:06:09.0690 7448 lltdsvc - ok
16:06:09.0706 7448 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:06:09.0768 7448 lmhosts - ok
16:06:09.0909 7448 LMS (1e2f802846eb944e0333efee7c9532a8) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:06:09.0924 7448 LMS - ok
16:06:09.0971 7448 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:06:09.0987 7448 LSI_FC - ok
16:06:10.0034 7448 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:06:10.0049 7448 LSI_SAS - ok
16:06:10.0080 7448 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:06:10.0096 7448 LSI_SAS2 - ok
16:06:10.0127 7448 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:06:10.0143 7448 LSI_SCSI - ok
16:06:10.0190 7448 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:06:10.0252 7448 luafv - ok
16:06:10.0314 7448 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
16:06:10.0361 7448 Mcx2Svc - ok
16:06:10.0439 7448 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
16:06:10.0470 7448 MDM ( UnsignedFile.Multi.Generic ) - warning
16:06:10.0470 7448 MDM - detected UnsignedFile.Multi.Generic (1)
16:06:10.0502 7448 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:06:10.0517 7448 megasas - ok
16:06:10.0580 7448 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:06:10.0611 7448 MegaSR - ok
16:06:10.0689 7448 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:06:10.0720 7448 Microsoft Office Groove Audit Service - ok
16:06:10.0736 7448 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:06:10.0798 7448 MMCSS - ok
16:06:10.0845 7448 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:06:10.0907 7448 Modem - ok
16:06:10.0938 7448 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:06:10.0985 7448 monitor - ok
16:06:11.0016 7448 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:06:11.0032 7448 mouclass - ok
16:06:11.0094 7448 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:06:11.0172 7448 mouhid - ok
16:06:11.0219 7448 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:06:11.0235 7448 mountmgr - ok
16:06:11.0282 7448 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:06:11.0297 7448 mpio - ok
16:06:11.0313 7448 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:06:11.0375 7448 mpsdrv - ok
16:06:11.0438 7448 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
16:06:11.0516 7448 MpsSvc - ok
16:06:11.0531 7448 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:06:11.0578 7448 MRxDAV - ok
16:06:11.0640 7448 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:06:11.0687 7448 mrxsmb - ok
16:06:11.0734 7448 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:06:11.0812 7448 mrxsmb10 - ok
16:06:11.0859 7448 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:06:11.0890 7448 mrxsmb20 - ok
16:06:11.0937 7448 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
16:06:11.0952 7448 msahci - ok
16:06:11.0984 7448 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
16:06:12.0015 7448 msdsm - ok
16:06:12.0046 7448 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:06:12.0093 7448 MSDTC - ok
16:06:12.0124 7448 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:06:12.0186 7448 Msfs - ok
16:06:12.0202 7448 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:06:12.0249 7448 mshidkmdf - ok
16:06:12.0280 7448 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
16:06:12.0311 7448 msisadrv - ok
16:06:12.0358 7448 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:06:12.0420 7448 MSiSCSI - ok
16:06:12.0420 7448 msiserver - ok
16:06:12.0467 7448 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:06:12.0530 7448 MSKSSRV - ok
16:06:12.0561 7448 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:06:12.0623 7448 MSPCLOCK - ok
16:06:12.0639 7448 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:06:12.0701 7448 MSPQM - ok
16:06:12.0732 7448 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:06:12.0764 7448 MsRPC - ok
16:06:12.0795 7448 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
16:06:12.0826 7448 mssmbios - ok
16:06:12.0857 7448 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:06:12.0888 7448 MSTEE - ok
16:06:12.0904 7448 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:06:12.0935 7448 MTConfig - ok
16:06:12.0951 7448 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:06:12.0982 7448 Mup - ok
16:06:13.0029 7448 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
16:06:13.0091 7448 napagent - ok
16:06:13.0154 7448 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:06:13.0216 7448 NativeWifiP - ok
16:06:13.0294 7448 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
16:06:13.0356 7448 NDIS - ok
16:06:13.0403 7448 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:06:13.0450 7448 NdisCap - ok
16:06:13.0481 7448 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:06:13.0528 7448 NdisTapi - ok
16:06:13.0575 7448 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
16:06:13.0606 7448 Ndisuio - ok
16:06:13.0653 7448 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
16:06:13.0700 7448 NdisWan - ok
16:06:13.0715 7448 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
16:06:13.0746 7448 NDProxy - ok
16:06:13.0778 7448 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:06:13.0840 7448 NetBIOS - ok
16:06:13.0871 7448 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
16:06:13.0965 7448 NetBT - ok
16:06:13.0996 7448 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:06:14.0027 7448 Netlogon - ok
16:06:14.0074 7448 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:06:14.0136 7448 Netman - ok
16:06:14.0183 7448 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:06:14.0261 7448 netprofm - ok
16:06:14.0355 7448 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:06:14.0386 7448 NetTcpPortSharing - ok
16:06:14.0417 7448 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:06:14.0433 7448 nfrd960 - ok
16:06:14.0480 7448 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
16:06:14.0542 7448 NlaSvc - ok
16:06:14.0589 7448 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:06:14.0651 7448 Npfs - ok
16:06:14.0682 7448 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:06:14.0714 7448 nsi - ok
16:06:14.0729 7448 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:06:14.0776 7448 nsiproxy - ok
16:06:14.0932 7448 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
16:06:15.0010 7448 Ntfs - ok
16:06:15.0150 7448 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:06:15.0228 7448 Null - ok
16:06:15.0275 7448 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
16:06:15.0291 7448 nvraid - ok
16:06:15.0338 7448 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
16:06:15.0369 7448 nvstor - ok
16:06:15.0400 7448 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
16:06:15.0431 7448 nv_agp - ok
16:06:15.0540 7448 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:06:15.0587 7448 odserv - ok
16:06:15.0603 7448 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
16:06:15.0650 7448 ohci1394 - ok
16:06:15.0681 7448 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:06:15.0712 7448 ose - ok
16:06:15.0759 7448 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:06:15.0790 7448 p2pimsvc - ok
16:06:15.0852 7448 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:06:15.0884 7448 p2psvc - ok
16:06:15.0915 7448 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:06:15.0977 7448 Parport - ok
16:06:16.0008 7448 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
16:06:16.0024 7448 partmgr - ok
16:06:16.0055 7448 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:06:16.0071 7448 Parvdm - ok
16:06:16.0118 7448 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:06:16.0149 7448 PcaSvc - ok
16:06:16.0196 7448 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
16:06:16.0227 7448 pci - ok
16:06:16.0258 7448 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
16:06:16.0274 7448 pciide - ok
16:06:16.0320 7448 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:06:16.0352 7448 pcmcia - ok
16:06:16.0383 7448 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:06:16.0398 7448 pcw - ok
16:06:16.0492 7448 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:06:16.0570 7448 PEAUTH - ok
16:06:16.0726 7448 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
16:06:16.0851 7448 pla - ok
16:06:17.0022 7448 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
16:06:17.0069 7448 PlugPlay - ok
16:06:17.0100 7448 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:06:17.0116 7448 PNRPAutoReg - ok
16:06:17.0163 7448 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:06:17.0178 7448 PNRPsvc - ok
16:06:17.0225 7448 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
16:06:17.0303 7448 PolicyAgent - ok
16:06:17.0350 7448 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
16:06:17.0397 7448 Power - ok
16:06:17.0459 7448 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:06:17.0522 7448 PptpMiniport - ok
16:06:17.0553 7448 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:06:17.0615 7448 Processor - ok
16:06:17.0678 7448 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
16:06:17.0724 7448 ProfSvc - ok
16:06:17.0740 7448 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:06:17.0771 7448 ProtectedStorage - ok
16:06:17.0818 7448 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:06:17.0880 7448 Psched - ok
16:06:17.0974 7448 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:06:18.0005 7448 PSI_SVC_2 - ok
16:06:18.0146 7448 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:06:18.0224 7448 ql2300 - ok
16:06:18.0364 7448 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:06:18.0395 7448 ql40xx - ok
16:06:18.0442 7448 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:06:18.0536 7448 QWAVE - ok
16:06:18.0582 7448 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:06:18.0614 7448 QWAVEdrv - ok
16:06:18.0692 7448 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
16:06:18.0707 7448 RapiMgr - ok
16:06:18.0738 7448 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:06:18.0801 7448 RasAcd - ok
16:06:18.0848 7448 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:06:18.0910 7448 RasAgileVpn - ok
16:06:18.0941 7448 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:06:18.0988 7448 RasAuto - ok
16:06:19.0019 7448 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:06:19.0066 7448 Rasl2tp - ok
16:06:19.0113 7448 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
16:06:19.0206 7448 RasMan - ok
16:06:19.0253 7448 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:06:19.0316 7448 RasPppoe - ok
16:06:19.0362 7448 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:06:19.0425 7448 RasSstp - ok
16:06:19.0472 7448 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
16:06:19.0534 7448 rdbss - ok
16:06:19.0565 7448 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:06:19.0612 7448 rdpbus - ok
16:06:19.0628 7448 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:06:19.0674 7448 RDPCDD - ok
16:06:19.0706 7448 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:06:19.0737 7448 RDPENCDD - ok
16:06:19.0768 7448 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:06:19.0799 7448 RDPREFMP - ok
16:06:19.0846 7448 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
16:06:19.0893 7448 RDPWD - ok
16:06:19.0955 7448 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
16:06:19.0986 7448 rdyboost - ok
16:06:20.0033 7448 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:06:20.0080 7448 RemoteAccess - ok
16:06:20.0111 7448 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:06:20.0158 7448 RemoteRegistry - ok
16:06:20.0267 7448 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files\CyberLink\Shared files\RichVideo.exe
16:06:20.0298 7448 RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:06:20.0298 7448 RichVideo - detected UnsignedFile.Multi.Generic (1)
16:06:20.0330 7448 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:06:20.0392 7448 RpcEptMapper - ok
16:06:20.0423 7448 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:06:20.0454 7448 RpcLocator - ok
16:06:20.0486 7448 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:06:20.0532 7448 RpcSs - ok
16:06:20.0564 7448 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:06:20.0642 7448 rspndr - ok
16:06:20.0688 7448 RSUSBSTOR (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys
16:06:20.0704 7448 RSUSBSTOR - ok
16:06:20.0829 7448 rtl8192se (b5e9979fbb26fc059bd87a81f763d5da) C:\Windows\system32\DRIVERS\rtl8192se.sys
16:06:20.0876 7448 rtl8192se - ok
16:06:20.0907 7448 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:06:20.0922 7448 SamSs - ok
16:06:20.0969 7448 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
16:06:21.0000 7448 sbp2port - ok
16:06:21.0047 7448 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:06:21.0110 7448 SCardSvr - ok
16:06:21.0156 7448 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
16:06:21.0203 7448 scfilter - ok
16:06:21.0281 7448 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
16:06:21.0375 7448 Schedule - ok
16:06:21.0406 7448 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:06:21.0468 7448 SCPolicySvc - ok
16:06:21.0500 7448 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
16:06:21.0531 7448 SDRSVC - ok
16:06:21.0578 7448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:06:21.0624 7448 secdrv - ok
16:06:21.0624 7448 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:06:21.0702 7448 seclogon - ok
16:06:21.0718 7448 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:06:21.0780 7448 SENS - ok
16:06:21.0812 7448 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:06:21.0874 7448 SensrSvc - ok
16:06:21.0890 7448 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:06:21.0921 7448 Serenum - ok
16:06:21.0983 7448 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:06:22.0014 7448 Serial - ok
16:06:22.0046 7448 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:06:22.0077 7448 sermouse - ok
16:06:22.0108 7448 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
16:06:22.0155 7448 SessionEnv - ok
16:06:22.0170 7448 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
16:06:22.0217 7448 sffdisk - ok
16:06:22.0248 7448 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:06:22.0280 7448 sffp_mmc - ok
16:06:22.0295 7448 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:06:22.0342 7448 sffp_sd - ok
16:06:22.0373 7448 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:06:22.0420 7448 sfloppy - ok
16:06:22.0482 7448 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:06:22.0560 7448 SharedAccess - ok
16:06:22.0623 7448 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
16:06:22.0670 7448 ShellHWDetection - ok
16:06:22.0716 7448 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
16:06:22.0732 7448 sisagp - ok
16:06:22.0748 7448 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:06:22.0763 7448 SiSRaid2 - ok
16:06:22.0794 7448 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:06:22.0810 7448 SiSRaid4 - ok
16:06:23.0060 7448 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:06:23.0122 7448 Skype C2C Service - ok
16:06:23.0200 7448 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) D:\Programme\Kommunikation\Skype\Updater\Updater.exe
16:06:23.0231 7448 SkypeUpdate - ok
16:06:23.0418 7448 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:06:23.0496 7448 Smb - ok
16:06:23.0559 7448 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:06:23.0606 7448 SNMPTRAP - ok
16:06:23.0668 7448 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:06:23.0699 7448 spldr - ok
16:06:23.0746 7448 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
16:06:23.0793 7448 Spooler - ok
16:06:23.0980 7448 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
16:06:24.0058 7448 sppsvc - ok
16:06:24.0183 7448 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
16:06:24.0230 7448 sppuinotify - ok
16:06:24.0308 7448 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
16:06:24.0370 7448 srv - ok
16:06:24.0417 7448 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
16:06:24.0464 7448 srv2 - ok
16:06:24.0495 7448 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
16:06:24.0542 7448 srvnet - ok
16:06:24.0588 7448 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:06:24.0682 7448 SSDPSRV - ok
16:06:24.0744 7448 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:06:24.0760 7448 ssmdrv - ok
16:06:24.0791 7448 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:06:24.0854 7448 SstpSvc - ok
16:06:24.0900 7448 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\Windows\system32\DRIVERS\ss_bus.sys
16:06:24.0932 7448 ss_bus - ok
16:06:24.0978 7448 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\Windows\system32\DRIVERS\ss_mdfl.sys
16:06:25.0010 7448 ss_mdfl - ok
16:06:25.0056 7448 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\Windows\system32\DRIVERS\ss_mdm.sys
16:06:25.0072 7448 ss_mdm - ok
16:06:25.0103 7448 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:06:25.0119 7448 stexstor - ok
16:06:25.0197 7448 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
16:06:25.0275 7448 StiSvc - ok
16:06:25.0290 7448 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
16:06:25.0306 7448 swenum - ok
16:06:25.0353 7448 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:06:25.0431 7448 swprv - ok
16:06:25.0509 7448 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
16:06:25.0540 7448 SynTP - ok
16:06:25.0649 7448 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
16:06:25.0712 7448 SysMain - ok
16:06:25.0743 7448 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
16:06:25.0774 7448 TabletInputService - ok
16:06:25.0805 7448 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
16:06:25.0883 7448 TapiSrv - ok
16:06:25.0961 7448 tbhsd (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
16:06:25.0992 7448 tbhsd - ok
16:06:26.0024 7448 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:06:26.0070 7448 TBS - ok
16:06:26.0242 7448 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
16:06:26.0304 7448 Tcpip - ok
16:06:26.0554 7448 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
16:06:26.0601 7448 TCPIP6 - ok
16:06:26.0741 7448 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
16:06:26.0819 7448 tcpipreg - ok
16:06:26.0835 7448 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
16:06:26.0882 7448 TDPIPE - ok
16:06:26.0897 7448 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
16:06:26.0928 7448 TDTCP - ok
16:06:26.0960 7448 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
16:06:27.0022 7448 tdx - ok
16:06:27.0287 7448 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:06:27.0350 7448 TeamViewer7 - ok
16:06:27.0474 7448 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
16:06:27.0506 7448 TermDD - ok
16:06:27.0552 7448 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
16:06:27.0646 7448 TermService - ok
16:06:27.0677 7448 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:06:27.0724 7448 Themes - ok
16:06:27.0755 7448 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:06:27.0802 7448 THREADORDER - ok
16:06:27.0833 7448 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:06:27.0880 7448 TrkWks - ok
16:06:27.0942 7448 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
16:06:27.0974 7448 TrustedInstaller - ok
16:06:28.0005 7448 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:06:28.0067 7448 tssecsrv - ok
16:06:28.0098 7448 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
16:06:28.0161 7448 tunnel - ok
16:06:28.0208 7448 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:06:28.0223 7448 uagp35 - ok
16:06:28.0254 7448 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
16:06:28.0332 7448 udfs - ok
16:06:28.0364 7448 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:06:28.0410 7448 UI0Detect - ok
16:06:28.0473 7448 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:06:28.0488 7448 uliagpkx - ok
16:06:28.0520 7448 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
16:06:28.0582 7448 umbus - ok
16:06:28.0629 7448 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:06:28.0660 7448 UmPass - ok
16:06:28.0941 7448 UNS (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:06:29.0003 7448 UNS - ok
16:06:29.0175 7448 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:06:29.0237 7448 upnphost - ok
16:06:29.0315 7448 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:06:29.0362 7448 USBAAPL - ok
16:06:29.0409 7448 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
16:06:29.0456 7448 usbccgp - ok
16:06:29.0502 7448 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:06:29.0534 7448 usbcir - ok
16:06:29.0580 7448 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
16:06:29.0627 7448 usbehci - ok
16:06:29.0674 7448 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
16:06:29.0736 7448 usbhub - ok
16:06:29.0768 7448 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
16:06:29.0799 7448 usbohci - ok
16:06:29.0830 7448 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:06:29.0892 7448 usbprint - ok
16:06:29.0924 7448 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:06:29.0970 7448 USBSTOR - ok
16:06:30.0002 7448 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
16:06:30.0033 7448 usbuhci - ok
16:06:30.0095 7448 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
16:06:30.0142 7448 usbvideo - ok
16:06:30.0173 7448 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:06:30.0236 7448 UxSms - ok
16:06:30.0267 7448 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:06:30.0298 7448 VaultSvc - ok
16:06:30.0329 7448 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:06:30.0345 7448 vdrvroot - ok
16:06:30.0407 7448 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
16:06:30.0454 7448 vds - ok
16:06:30.0501 7448 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:06:30.0532 7448 vga - ok
16:06:30.0563 7448 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:06:30.0626 7448 VgaSave - ok
16:06:30.0672 7448 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:06:30.0704 7448 vhdmp - ok
16:06:30.0766 7448 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:06:30.0797 7448 viaagp - ok
16:06:30.0813 7448 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:06:30.0844 7448 ViaC7 - ok
16:06:30.0875 7448 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:06:30.0906 7448 viaide - ok
16:06:30.0922 7448 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:06:30.0938 7448 volmgr - ok
16:06:31.0000 7448 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:06:31.0031 7448 volmgrx - ok
16:06:31.0078 7448 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:06:31.0094 7448 volsnap - ok
16:06:31.0203 7448 Vsdatant (6292c794ba68e0f46a6d45468461afe1) C:\Windows\system32\DRIVERS\vsdatant.sys
16:06:31.0250 7448 Vsdatant - ok
16:06:31.0312 7448 vsmon - ok
16:06:31.0343 7448 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:06:31.0374 7448 vsmraid - ok
16:06:31.0499 7448 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
16:06:31.0562 7448 VSS - ok
16:06:31.0577 7448 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:06:31.0624 7448 vwifibus - ok
16:06:31.0655 7448 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:06:31.0686 7448 vwififlt - ok
16:06:31.0733 7448 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
16:06:31.0780 7448 vwifimp - ok
16:06:31.0858 7448 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:06:31.0967 7448 W32Time - ok
16:06:31.0998 7448 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:06:32.0014 7448 WacomPen - ok
16:06:32.0061 7448 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:06:32.0123 7448 WANARP - ok
16:06:32.0123 7448 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:06:32.0170 7448 Wanarpv6 - ok
16:06:32.0295 7448 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
16:06:32.0373 7448 wbengine - ok
16:06:32.0420 7448 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:06:32.0466 7448 WbioSrvc - ok
16:06:32.0560 7448 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
16:06:32.0591 7448 WcesComm - ok
16:06:32.0638 7448 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
16:06:32.0700 7448 wcncsvc - ok
16:06:32.0747 7448 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:06:32.0794 7448 WcsPlugInService - ok
16:06:32.0856 7448 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:06:32.0888 7448 Wd - ok
16:06:32.0950 7448 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:06:32.0997 7448 Wdf01000 - ok
16:06:33.0044 7448 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:06:33.0106 7448 WdiServiceHost - ok
16:06:33.0106 7448 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:06:33.0137 7448 WdiSystemHost - ok
16:06:33.0184 7448 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
16:06:33.0246 7448 WebClient - ok
16:06:33.0293 7448 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:06:33.0356 7448 Wecsvc - ok
16:06:33.0371 7448 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:06:33.0402 7448 wercplsupport - ok
16:06:33.0449 7448 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:06:33.0480 7448 WerSvc - ok
16:06:33.0496 7448 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:06:33.0527 7448 WfpLwf - ok
16:06:33.0558 7448 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:06:33.0574 7448 WIMMount - ok
16:06:33.0699 7448 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:06:33.0777 7448 WinDefend - ok
16:06:33.0792 7448 WinHttpAutoProxySvc - ok
16:06:33.0855 7448 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:06:33.0933 7448 Winmgmt - ok
16:06:34.0042 7448 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
16:06:34.0136 7448 WinRM - ok
16:06:34.0214 7448 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
16:06:34.0245 7448 WinUsb - ok
16:06:34.0370 7448 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) c:\Programme\Systemprogramme\RealVNC\VNC4\WinVNC4.exe
16:06:34.0401 7448 WinVNC4 - ok
16:06:34.0463 7448 WisLMSvc (4c69a8e2e159c1c59bc4b688e9dd7f8c) C:\Program Files\Launch Manager\WisLMSvc.exe
16:06:34.0479 7448 WisLMSvc - ok
16:06:34.0572 7448 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:06:34.0650 7448 Wlansvc - ok
16:06:34.0822 7448 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:06:34.0869 7448 wlidsvc - ok
16:06:35.0025 7448 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:06:35.0072 7448 WmiAcpi - ok
16:06:35.0134 7448 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:06:35.0196 7448 wmiApSrv - ok
16:06:35.0368 7448 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:06:35.0430 7448 WMPNetworkSvc - ok
16:06:35.0524 7448 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune\WMZuneComm.exe
16:06:35.0571 7448 WMZuneComm - ok
16:06:35.0711 7448 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:06:35.0758 7448 WPCSvc - ok
16:06:35.0789 7448 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
16:06:35.0820 7448 WPDBusEnum - ok
16:06:35.0883 7448 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:06:35.0961 7448 ws2ifsl - ok
16:06:35.0992 7448 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
16:06:36.0023 7448 wscsvc - ok
16:06:36.0039 7448 WSearch - ok
16:06:36.0195 7448 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:06:36.0304 7448 wuauserv - ok
16:06:36.0460 7448 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:06:36.0554 7448 WudfPf - ok
16:06:36.0585 7448 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:06:36.0647 7448 WUDFRd - ok
16:06:36.0694 7448 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
16:06:36.0741 7448 wudfsvc - ok
16:06:36.0772 7448 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:06:36.0834 7448 WwanSvc - ok
16:06:37.0193 7448 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune\ZuneNss.exe
16:06:37.0443 7448 ZuneNetworkSvc - ok
16:06:37.0568 7448 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
16:06:37.0614 7448 ZuneWlanCfgSvc - ok
16:06:37.0646 7448 MBR (0x1B8) (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
16:06:40.0610 7448 \Device\Harddisk0\DR0 - ok
16:06:40.0625 7448 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
16:06:43.0168 7448 \Device\Harddisk1\DR1 - ok
16:06:43.0184 7448 Boot (0x1200) (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0
16:06:43.0184 7448 \Device\Harddisk0\DR0\Partition0 - ok
16:06:43.0230 7448 Boot (0x1200) (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1
16:06:43.0230 7448 \Device\Harddisk0\DR0\Partition1 - ok
16:06:43.0262 7448 Boot (0x1200) (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2
16:06:43.0262 7448 \Device\Harddisk0\DR0\Partition2 - ok
16:06:43.0262 7448 Boot (0x1200) (ab965133ae643175db92613dfc0b7cf4) \Device\Harddisk1\DR1\Partition0
16:06:43.0262 7448 \Device\Harddisk1\DR1\Partition0 - ok
16:06:43.0262 7448 ============================================================
16:06:43.0262 7448 Scan finished
16:06:43.0262 7448 ============================================================
16:06:43.0277 3764 Detected object count: 2
16:06:43.0277 3764 Actual detected object count: 2
16:06:57.0739 3764 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:57.0739 3764 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:57.0739 3764 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:57.0739 3764 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
Leider ist die Meldung "...roper0dun.exe..." immer noch vorhanden, die Links im Internet funktionieren aber schon einmal wieder! Bis hierhin schon einmal DANKE! Gruß Thomas |
|
16.07.2012, 16:28
| #4 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi, Du hast einen OTL-Scan ausgeführt, und nicht das Script abfahren lassen. Lies Dir den letzten Post von mir nochmal durch und lass dann OTL das script durchführen. AdwareCleaner Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum. Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
16.07.2012, 19:44
| #5 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" So, da bin ich wieder. Sorry, das mit OTL  Ich hoffe, diesmal ist es das Script gewesen. OTL: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Doabysk not found.
Folder C:\Users\Thomas Hitscher\AppData\Roaming\Pemaa\ not found.
Folder C:\Users\Thomas Hitscher\AppData\Roaming\Inedan\ not found.
Folder C:\Users\Thomas Hitscher\AppData\Roaming\Cait\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Thomas Hitscher
->Temp folder emptied: 1777823 bytes
->Temporary Internet Files folder emptied: 1347473 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16043295 bytes
->Flash cache emptied: 877 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1117532 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 19.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_175207
Files\Folders moved on Reboot...
C:\Users\Thomas Hitscher\AppData\Local\Temp\~DF9DF457C4B093C94C.TMP moved successfully.
C:\Windows\temp\ZLT00b37.TMP moved successfully.
PendingFileRenameOperations files...
File C:\Users\Thomas Hitscher\AppData\Local\Temp\~DF9DF457C4B093C94C.TMP not found!
File C:\Windows\temp\ZLT00b37.TMP not found!
Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/16/2012 at 18:01:07
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Thomas Hitscher - LAPTOP
# Running from : C:\Users\Thomas Hitscher\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Thomas Hitscher\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Thomas Hitscher\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Thomas Hitscher\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\Conduit
Folder Deleted : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\ConduitCommon
Folder Deleted : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\Searchqutoolbar
Folder Deleted : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Windows Searchqu Toolbar
Folder Deleted : C:\Program Files\ZoneAlarm-Sicherheit
File Deleted : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413 --> hxxp://www.google.com
-\\ Mozilla Firefox v4.0 (de)
Profile name : default
File : C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\prefs.js
C:\Users\Thomas Hitscher\AppData\Roaming\Mozilla\Firefox\Profiles\3i6xbetf.default\user.js ... Deleted !
Deleted : user_pref("CT2613550..clientLogIsEnabled", false);
Deleted : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2613550.CTID", "ct2613550");
Deleted : user_pref("CT2613550.CurrentServerDate", "10-5-2012");
Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.DialogsGetterLastCheckTime", "Tue May 08 2012 20:55:02 GMT+0200");
Deleted : user_pref("CT2613550.DownloadReferralCookieData", "");
Deleted : user_pref("CT2613550.EMailNotifierCheckInterval", "5");
Deleted : user_pref("CT2613550.EMailNotifierLabelLength", 6);
Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Thu May 10 2012 21:23:30 GMT+0200");
Deleted : user_pref("CT2613550.EMailNotifierSound", "C:\\Windows\\Media\\Garden\\Windows Default.wav");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602533", "Fri Mar 25 2011 15:54:41 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602539", "Fri Mar 25 2011 15:54:41 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602545", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602551", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602557", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602563", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602569", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602575", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602581", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602587", "Fri Mar 25 2011 15:54:42 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602593", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602599", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602605", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602611", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602617", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602623", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602629", "Fri Mar 25 2011 15:54:43 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate7861255190875796966", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255191286404846", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255191690696803", "Wed Jul 13 2011 21:25:08 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255191830767423", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192204641884", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192330261614", "Wed Jul 13 2011 21:25:07 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192609293799", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192844976705", "Wed Jul 13 2011 21:25:07 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193025486845", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193127848905", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193189289837", "Wed Jul 13 2011 21:25:08 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193256322449", "Wed Jul 13 2011 21:25:07 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193310202497", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193760634970", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193813312257", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255194862513855", "Wed Jul 13 2011 21:25:07 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255194875474195", "Wed Jul 13 2011 21:25:10 GMT+0200");
Deleted : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Deleted : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Deleted : user_pref("CT2613550.FeedTTL7861255190875796966", 5);
Deleted : user_pref("CT2613550.FeedTTL7861255191286404846", 2);
Deleted : user_pref("CT2613550.FeedTTL7861255191830767423", 30);
Deleted : user_pref("CT2613550.FeedTTL7861255192609293799", 30);
Deleted : user_pref("CT2613550.FeedTTL7861255192844976705", 5);
Deleted : user_pref("CT2613550.FeedTTL7861255193256322449", 5);
Deleted : user_pref("CT2613550.FeedTTL7861255193310202497", 2);
Deleted : user_pref("CT2613550.FirstServerDate", "19-12-2010");
Deleted : user_pref("CT2613550.FirstTime", true);
Deleted : user_pref("CT2613550.FirstTimeFF3", true);
Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2613550.HasUserGlobalKeys", true);
Deleted : user_pref("CT2613550.Initialize", true);
Deleted : user_pref("CT2613550.InitializeCommonPrefs", true);
Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2613550.InstalledDate", "Sat Dec 18 2010 22:24:33 GMT+0100");
Deleted : user_pref("CT2613550.IsAlertDBUpdated", true);
Deleted : user_pref("CT2613550.IsGrouping", false);
Deleted : user_pref("CT2613550.IsMulticommunity", false);
Deleted : user_pref("CT2613550.IsOpenThankYouPage", false);
Deleted : user_pref("CT2613550.IsOpenUninstallPage", true);
Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Sat Dec 18 2010 22:24:45 GMT+0100");
Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2613550.LastLogin_2.7.1.3", "Fri Mar 25 2011 15:54:41 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.10.0.1", "Wed Apr 18 2012 16:07:39 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.0.7", "Wed Apr 25 2012 18:05:19 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.2.3", "Thu May 10 2012 19:49:59 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.3.3.2", "Sun Jul 24 2011 13:33:58 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.5.0.12", "Wed Aug 24 2011 16:59:04 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.6.0.10", "Wed Oct 05 2011 17:59:55 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.7.0.6", "Wed Nov 09 2011 16:49:00 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.8.0.8", "Wed Dec 07 2011 21:01:58 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.8.1.0", "Mon Jan 16 2012 20:29:08 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.9.0.3", "Thu Mar 08 2012 19:31:16 GMT+0100");
Deleted : user_pref("CT2613550.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.LoginCache", 4);
Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2613550.MCDetectTooltipShow", false);
Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2613550.RadioIsPodcast", false);
Deleted : user_pref("CT2613550.RadioMediaID", "8577");
Deleted : user_pref("CT2613550.RadioMediaType", "Media Player");
Deleted : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT2613550_RECENT8577");
Deleted : user_pref("CT2613550.RadioShrinked", "expanded");
Deleted : user_pref("CT2613550.RadioStationName", "Rock%20n%20Pop%20106!8%20");
Deleted : user_pref("CT2613550.RadioStationURL", "hxxp://62.75.132.19:80");
Deleted : user_pref("CT2613550.RadioVolume", "60");
Deleted : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2613550.ServiceMapLastCheckTime", "Thu May 10 2012 21:24:58 GMT+0200");
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Sat Dec 18 2010 22:24:32 GMT+0100");
Deleted : user_pref("CT2613550.SettingsLastUpdate", "1291812328");
Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sat Dec 18 2010 22:24:31 GMT+0100");
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Deleted : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2613550.UserID", "UN91529305457378263");
Deleted : user_pref("CT2613550.ValidationData_Search", 1);
Deleted : user_pref("CT2613550.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2613550.WeatherNetwork", "");
Deleted : user_pref("CT2613550.WeatherPollDate", "Thu May 10 2012 21:08:21 GMT+0200");
Deleted : user_pref("CT2613550.WeatherUnit", "C");
Deleted : user_pref("CT2613550.alertChannelId", "1006347");
Deleted : user_pref("CT2613550.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2613550.backendstorage.facebook_user_locale", "6465");
Deleted : user_pref("CT2613550.clientLogIsEnabled", false);
Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2613550.components.1000082", true);
Deleted : user_pref("CT2613550.components.1000234", true);
Deleted : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Tue May 08 2012 20:55:18 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 832);
Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Thu May 10 2012 19:49:57 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sat Apr 21 2012 15:26:05 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ct2613550.components.1001", true);
Deleted : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sun May 06 2012 20:53:19 GMT+0200[...]
Deleted : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Thu May 10 2012 21:08:20 GMT+0200"[...]
Deleted : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Fri Apr 27 2012 22:04:21 GMT+0200"[...]
Deleted : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.initDone", true);
Deleted : user_pref("CT2613550.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2613550.myStuffEnabled", true);
Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Deleted : user_pref("CT2613550.revertSettingsEnabled", true);
Deleted : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.testingCtid", "");
Deleted : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2613550.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2613550");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Thomas Hitscher\\AppData\\Roaming\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 31 2011 18:37:26 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 24 2011 13:33:57 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "1e028694-4e39-4c6e-be79-da6962228966");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 16 2012 19:40:58 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "2d9e71fe-5413-4df8-9d98-e5033559c882");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 08 2012 20:55:0[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 10 2012 21:08:19 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "18432776-40e8-40d5-8c3e-8fe41a6ca0ac");
Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");
*************************
AdwCleaner[R1].txt - [27586 octets] - [16/07/2012 16:02:11]
AdwCleaner[S1].txt - [28299 octets] - [16/07/2012 18:01:07]
########## EOF - C:\AdwCleaner[S1].txt - [28428 octets] ##########
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/16/2012 at 08:21 PM
Application Version : 5.5.1006
Core Rules Database Version : 8904
Trace Rules Database Version: 6716
Scan type : Complete Scan
Total Scan Time : 02:05:43
Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned : 882
Memory threats detected : 0
Registry items scanned : 37056
Registry threats detected : 0
File items scanned : 259360
File threats detected : 471
Adware.Tracking Cookie
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@2o7[2].txt [ /2o7 ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@atdmt[2].txt [ /atdmt ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@doubleclick[1].txt [ /doubleclick ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@go.easybitsmedia[1].txt [ /go.easybitsmedia ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@overture[1].txt [ /overture ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@smartadserver[2].txt [ /smartadserver ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@smartadserver[3].txt [ /smartadserver ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\thomas_hitscher@viacom.adbureau[2].txt [ /viacom.adbureau ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\8UWYP1T2.txt [ /c.atdmt.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\CVED8EZO.txt [ /doubleclick.net ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\Z51DQ15I.txt [ /smartadserver.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\R7BP0J8Y.txt [ /atdmt.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\C3TWJZ53.txt [ /mediaplex.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\3DEFCE3M.txt [ /serving-sys.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\N3Y6UQII.txt [ /go.easybitsmedia.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\JDGWWBDF.txt [ /myroitracking.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\496LTNXS.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\YKUYLPOG.txt [ /liveperson.net ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\UGBYQQJJ.txt [ /tracking.quisma.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\R24QAOCC.txt [ /ad1.adfarm1.adition.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\MVXLQJ5K.txt [ /bs.serving-sys.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\OTIOJMTU.txt [ /statcounter.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\3C4KX78F.txt [ /apmebf.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\UTB1L2SF.txt [ /ad.zanox.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\JXSQUJAR.txt [ /ads.creative-serving.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\XSW0PPT3.txt [ /dyntracker.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\UHZC4K3F.txt [ /atdmt.combing.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\JWJVDAMI.txt [ /zanox.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\PPH7AIK6.txt [ /clicksor.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\IGG56H6A.txt [ /ad.yieldmanager.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\A1MQUZNU.txt [ /adfarm1.adition.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\DBKQADXL.txt [ /ad3.adfarm1.adition.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\DQYYZSDF.txt [ /imrworldwide.com ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\B15VQCI3.txt [ /fastclick.net ]
C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Cookies\1RRJ13KX.txt [ /www.windowsmedia.com ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\N991ULJS.txt [ Cookie:thomas hitscher@c.atdmt.com/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\5U2H8EI6.txt [ Cookie:thomas hitscher@doubleclick.net/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@zanox-affiliate[1].txt [ Cookie:thomas hitscher@zanox-affiliate.de/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\U9DGE2TC.txt [ Cookie:thomas hitscher@atdmt.com/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@tradedoubler[1].txt [ Cookie:thomas hitscher@tradedoubler.com/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@msnportal.112.2o7[1].txt [ Cookie:thomas hitscher@msnportal.112.2o7.net/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@traffictrack[1].txt [ Cookie:thomas hitscher@traffictrack.de/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@apmebf[2].txt [ Cookie:thomas hitscher@apmebf.com/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\UUQQZBK6.txt [ Cookie:thomas hitscher@atdmt.combing.com/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@adfarm1.adition[2].txt [ Cookie:thomas hitscher@adfarm1.adition.com/ ]
C:\USERS\THOMAS HITSCHER\AppData\Roaming\Microsoft\Windows\Cookies\Low\thomas_hitscher@questionmarket[2].txt [ Cookie:thomas hitscher@questionmarket.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\8UWYP1T2.txt [ Cookie:thomas hitscher@c.atdmt.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\CVED8EZO.txt [ Cookie:thomas hitscher@doubleclick.net/ ]
C:\USERS\THOMAS HITSCHER\Cookies\Z51DQ15I.txt [ Cookie:thomas hitscher@smartadserver.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\R7BP0J8Y.txt [ Cookie:thomas hitscher@atdmt.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\3DEFCE3M.txt [ Cookie:thomas hitscher@serving-sys.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\496LTNXS.txt [ Cookie:thomas hitscher@ad2.adfarm1.adition.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\YKUYLPOG.txt [ Cookie:thomas hitscher@liveperson.net/ ]
C:\USERS\THOMAS HITSCHER\Cookies\UGBYQQJJ.txt [ Cookie:thomas hitscher@tracking.quisma.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\R24QAOCC.txt [ Cookie:thomas hitscher@ad1.adfarm1.adition.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\OTIOJMTU.txt [ Cookie:thomas hitscher@statcounter.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\3C4KX78F.txt [ Cookie:thomas hitscher@apmebf.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\UTB1L2SF.txt [ Cookie:thomas hitscher@ad.zanox.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\XSW0PPT3.txt [ Cookie:thomas hitscher@dyntracker.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\UHZC4K3F.txt [ Cookie:thomas hitscher@atdmt.combing.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\JWJVDAMI.txt [ Cookie:thomas hitscher@zanox.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\PPH7AIK6.txt [ Cookie:thomas hitscher@clicksor.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\A1MQUZNU.txt [ Cookie:thomas hitscher@adfarm1.adition.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\DBKQADXL.txt [ Cookie:thomas hitscher@ad3.adfarm1.adition.com/ ]
C:\USERS\THOMAS HITSCHER\Cookies\DQYYZSDF.txt [ Cookie:thomas hitscher@imrworldwide.com/cgi-bin ]
C:\USERS\THOMAS HITSCHER\Cookies\B15VQCI3.txt [ Cookie:thomas hitscher@fastclick.net/ ]
C:\USERS\THOMAS HITSCHER\Cookies\1RRJ13KX.txt [ Cookie:thomas hitscher@www.windowsmedia.com/ ]
C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\THOMAS_HITSCHER@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\THOMAS_HITSCHER@ADX.CHIP[2].TXT [ /ADX.CHIP ]
C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\THOMAS_HITSCHER@AD.CHIP[1].TXT [ /AD.CHIP ]
.apmebf.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.conrad.122.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.de.at.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ads.crakmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.myhammer.122.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lego.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.microsoftwllivemkt.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mswmw7mobilemainprod.122.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgliogdzcko.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
banner.slashcam.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.kakakucom.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlywldzilp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wnliahdzcfp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lradx.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lradx.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.trackalyzer.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.nuon.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
stat.vattenfall.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6whlouoc5kao.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjliwid5gdp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aek4ahd5ieo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.sonyeurope.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
zbox.zanox.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
banner.mp-infoverlag.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.stats.ebay.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlouncjkgp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.shipfinder.co [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.shipfinder.co [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.shipfinder.co [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.shipfinder.org [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.shipfinder.org [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.shipfinder.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.shipfinder.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.servestats.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.urbia.wwe-media.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aekiwkcjeep.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmkowjcpcdp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4ggczego.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjligicjsap.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjloaldpolp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wdlokgdjadp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjliwoc5ilp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlywpcjwgo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wml4wldjkbp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ads2.medianord.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
s4.trafficmaxx.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.superrtl.122.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgkiwpcpceo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkowhdjweo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aekiaocpclo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.youporn.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.enoratraffic.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.pornobilder24.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.gqporno.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.gqporno.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.gqporno.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ads.amateur-porno-blog.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.gqporno.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.gqporno.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.nissaneurope.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.sex-geizkragen.ch [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.sex-geizkragen.ch [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.pornme.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.pornme.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.pornme.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.nl.picclick.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.nl.picclick.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkoamcjwkp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgkykndpkho.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.autoscout24.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.benl.picclick.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.benl.picclick.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmmiqmdjmao.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.ad-track.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
img-cdn.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
secure.img-cdn.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ebusiness.springer-business-media.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad-emea.doubleclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad-emea.doubleclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
e2.emediate.se [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ads.crakmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.sexad.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjliwjczsbp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmliwod5mlp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlykhd5cao.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.quartermedia.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad-emea.doubleclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.klicktel.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
teufel-media.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfk4soajabo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adserver.ip-phone-forum.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
dk-adserver.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.snapfish.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wckyogdjohp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.rezidor.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgkowhd5sgo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.blogads.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.meet-teens.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.penis-bilder.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.penis-bilder.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aelyagcpmlp.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkowocpiep.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.myroitracking.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.mobile.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.usenext.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.philips.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
delivery.atkmedia.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wbkogpazweo.stats.esomniture.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\THOMAS HITSCHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3I6XBETF.DEFAULT\COOKIES.SQLITE ]
Adware.Lop
C:\PROGRAMDATA\FREIETONNE\USR\GIMPPORTABLE\APP\GIMP\LIB\GIMP\2.0\PLUG-INS\METADATA.EXE
Trojan.Agent/Gen-FakeAlert[Local]
C:\PROGRAMDATA\FREIETONNE\XAMPP\APACHE\BIN\SQLITE.EXE
C:\PROGRAMDATA\FREIETONNE\XAMPP\APACHE\BIN\SQLITE3.EXE
Danke schon mal. Thomas |
|
17.07.2012, 06:43
| #6 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi, Rechner neu starten, wenn die Fehlermeldung kommen sollte "roper0dun.exe", bitte abkopieren und posten (wurde nicht in der Reg nicht gefunden). Diese beiden Dateien über www.virustotal.com prüfen lassen, es kann sein das es ein f/p ist (Fehlmeldung) Code:
ATTFilter C:\PROGRAMDATA\FREIETONNE\XAMPP\APACHE\BIN\SQLITE.EXE
C:\PROGRAMDATA\FREIETONNE\XAMPP\APACHE\BIN\SQLITE3.EXE
__________________ --> Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" |
|
17.07.2012, 10:25
| #7 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Moinsen, ich habe den Rechner heute morgen neu gestartet, hier ist die Fehlermeldung:  Die beiden Dateien habe ich prüfen lassen - kein Ergebnis. Hast Du noch Ideen, was ich machen könnte? Sonst muss ich mit der Fehlermeldung leben... Thomas |
|
17.07.2012, 13:27
| #8 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi, hmm, wir machen mal folgendes: Anleitung & Download: http://www.trojaner-board.de/51464-a...-ccleaner.html Die Registry (blaues Würfel-Symbol linke Seite) musst du mehrmals durchsuchen und bereinigen lassen, bis nichts mehr gefunden wird. Installation des cCleaners ohne die Toolbar! Benutzerdefinierte Installation wählen. Dann startest du den Rechner im normalen Modus neu. Nur Download über: Redirecting... Start->Ausführen, eingeben:msconfig. Suche dann unter "Systemstart" die "roper0dun.exe". Poste ein neues OTL-Log... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) Geändert von Chris4You (17.07.2012 um 13:40 Uhr) |
|
18.07.2012, 10:52
| #9 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Moin Moin! Sooo, alles soweit durchgeführt. Als erstes habe ich CCleaner mehrmals allgemein und über die Registry laufen lassen, bis keine Funde mehr auftauchten. Dann in der msconfig die Datei gesucht und auch gefunden:  Dann noch mal OTL gestartet, und hier ist das Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/18/2012 10:48:05 AM - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Thomas Hitscher\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.81% Memory free 5.73 Gb Paging File | 4.02 Gb Available in Paging File | 70.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424.66 Gb Total Space | 327.05 Gb Free Space | 77.02% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.44 Gb Free Space | 53.60% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Thomas Hitscher | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/16 12:16:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Hitscher\Desktop\OTL.exe PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/06/26 19:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012/05/13 18:22:24 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Thomas Hitscher\AppData\Local\Apps\2.0\KNDLZK0X.BYT\N68NNXGB.RQC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2012/05/08 20:54:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/08 20:54:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/08 20:54:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/08 20:54:37 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/05/03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/05/03 14:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/04/30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe PRC - [2012/04/30 21:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2012/04/04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Programme\Systemprogramme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/04/04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Systemprogramme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/03/19 13:38:46 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe PRC - [2012/03/19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/03/19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2011/08/05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/08/03 16:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMLSvc.exe PRC - [2010/06/17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- c:\Programme\Systemprogramme\RealVNC\VNC4\winvnc4.exe PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/07/17 11:23:57 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012/07/17 11:23:57 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012/07/16 18:09:56 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012/07/16 18:09:56 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012/07/16 17:56:35 | 000,115,137 | ---- | M] () -- C:\Users\Thomas Hitscher\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll MOD - [2012/06/14 07:14:58 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll MOD - [2012/06/14 07:14:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012/06/14 07:14:28 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012/06/14 07:14:27 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\37aa8a6e1a69671c23eb916417629682\System.Deployment.ni.dll MOD - [2012/06/14 07:14:02 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll MOD - [2012/06/13 21:13:43 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012/06/13 21:10:02 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012/06/13 21:09:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012/06/13 21:09:35 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012/06/13 21:09:32 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012/05/13 18:22:14 | 000,368,640 | ---- | M] () -- C:\Users\Thomas Hitscher\AppData\Local\Apps\2.0\KNDLZK0X.BYT\N68NNXGB.RQC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2012/05/10 21:04:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012/05/10 21:03:05 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012/05/10 21:02:56 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012/05/10 19:49:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012/05/10 19:48:24 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012/05/10 19:48:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/10 19:48:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/10 19:48:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/10 19:47:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012/05/10 16:11:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012/05/10 16:08:33 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012/05/10 16:08:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012/05/10 16:08:23 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012/05/10 16:08:16 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012/04/04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Programme\Systemprogramme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/01/08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\Systemprogramme\FileZilla FTP Client\fzshellext.dll MOD - [2010/08/03 16:39:38 | 000,619,816 | ---- | M] () -- C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMediaLibrary.dll MOD - [2010/08/03 16:39:32 | 000,013,096 | ---- | M] () -- C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMLSvcPS.dll MOD - [2010/05/18 08:49:42 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/05/18 08:49:26 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/12 11:02:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Kommunikation\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/08 20:54:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/08 20:54:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/04/30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2012/03/19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011/08/05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011/08/05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011/08/05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011/06/14 19:08:01 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc) SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- c:\Programme\Systemprogramme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4) SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012/05/13 18:22:15 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2012/05/08 20:54:37 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 20:54:37 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/04/20 13:53:00 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2012/01/09 18:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/01/09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2012/01/09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011/12/15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/12/08 06:22:30 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2011/12/08 06:22:30 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2011/12/08 06:22:30 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2011/10/25 04:52:12 | 000,188,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CxPlrCap.sys -- (CXPLRCAP) DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/05/07 17:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6CEA06E7-F76C-4F26-9972-3F56352A4548}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/" FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Musikprogramme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Thomas Hitscher\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas Hitscher\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas Hitscher\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/05/23 18:42:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Systemprogramme\Mozilla Firefox\components [2012/06/17 10:43:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Systemprogramme\Mozilla Firefox\plugins [2012/04/13 23:43:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Systemprogramme\Mozilla Firefox\components [2012/06/17 10:43:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Systemprogramme\Mozilla Firefox\plugins [2012/04/13 23:43:18 | 000,000,000 | ---D | M] [2012/07/03 20:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Extensions [2012/07/17 11:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions [2012/03/30 07:26:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/05/10 21:31:25 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Thomas Hitscher\AppData\Roaming\mozilla\Firefox\Profiles\3i6xbetf.default\extensions\ffxtlbr@zonealarm.com O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Programme\Videobearbeitung\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Systemprogramme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Thomas Hitscher\AppData\Local\Apps\2.0\KNDLZK0X.BYT\N68NNXGB.RQC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [KiesHelper] C:\Programme\Systemprogramme\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Systemprogramme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8 - Extra context menu item: add to &BOM - C:\\PROGRA~3\\EBAY\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Kommunikation\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{14265378-2cbb-11e1-bc01-1c4bd6e5c276}\Shell - "" = AutoRun O33 - MountPoints2\{14265378-2cbb-11e1-bc01-1c4bd6e5c276}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{532bdd56-8c52-11e1-b28d-1c4bd6e5c276}\Shell - "" = AutoRun O33 - MountPoints2\{532bdd56-8c52-11e1-b28d-1c4bd6e5c276}\Shell\AutoRun\command - "" = H:\DPFMate.exe O33 - MountPoints2\{84e68873-7ce1-11e1-b1fe-1c4bd6e5c276}\Shell - "" = AutoRun O33 - MountPoints2\{84e68873-7ce1-11e1-b1fe-1c4bd6e5c276}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/18 10:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/07/18 10:17:19 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Thomas Hitscher\Desktop\ccsetup320.exe [2012/07/16 18:09:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\SUPERAntiSpyware.com [2012/07/16 18:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/07/16 18:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/07/16 18:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/07/16 12:16:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas Hitscher\Desktop\OTL.exe [2012/07/16 10:22:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012/07/15 12:19:09 | 000,000,000 | ---D | C] -- C:\_OTL [2012/07/12 15:06:41 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/07/12 13:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FreieTonne [2012/07/12 10:53:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/07/10 21:49:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012/07/06 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\Malwarebytes [2012/07/06 12:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/06 12:40:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/06 12:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/06 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/03 21:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2012/07/03 21:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player [2012/07/03 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\Documents\Any Audio Converter [2012/07/03 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\AnvSoft [2012/07/03 21:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012/07/03 21:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2012/07/03 20:31:44 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2012/07/03 20:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2012/07/03 20:31:43 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL [2012/07/03 20:31:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL [2012/07/03 20:31:43 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX [2012/07/03 20:31:42 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL [2012/07/03 20:31:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL [2012/07/03 20:31:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL [2012/07/03 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Roaming\FreeFLVConverter [2012/07/03 20:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2012/07/03 12:15:18 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drvc.dll [2012/07/03 12:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2012/07/03 11:59:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/06/27 21:40:44 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/27 21:40:44 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/27 21:40:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/27 21:40:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/27 21:40:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/25 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas Hitscher\AppData\Local\Macromedia [2012/06/22 20:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012/06/21 21:48:45 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/21 21:48:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe ========== Files - Modified Within 30 Days ========== [2012/07/18 10:41:44 | 000,016,128 | ---- | M] () -- C:\Users\Thomas Hitscher\Documents\cc_20120718_104131.reg [2012/07/18 10:39:47 | 000,001,314 | ---- | M] () -- C:\Users\Thomas Hitscher\Documents\cc_20120718_103936.reg [2012/07/18 10:32:54 | 000,402,534 | ---- | M] () -- C:\Users\Thomas Hitscher\Documents\cc_20120718_103221.reg [2012/07/18 10:32:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1486169328-2368988707-4284464166-1000UA.job [2012/07/18 10:27:50 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/18 10:27:50 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/18 10:26:27 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1486169328-2368988707-4284464166-1000Core.job [2012/07/18 10:19:21 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/18 10:16:22 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/07/18 10:16:22 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/07/18 10:16:22 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/07/18 10:16:22 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/07/18 10:15:58 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Thomas Hitscher\Desktop\ccsetup320.exe [2012/07/18 10:12:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/18 10:12:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/17 11:22:22 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2012/07/16 18:09:17 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/07/16 15:55:55 | 000,001,583 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\LAPTOP - Verknüpfung.lnk [2012/07/16 15:49:02 | 000,624,883 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\adwcleaner.exe [2012/07/16 15:47:46 | 000,139,264 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\SystemLook.exe [2012/07/16 12:47:21 | 000,302,592 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\1td0q07i.exe [2012/07/16 12:16:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Hitscher\Desktop\OTL.exe [2012/07/16 12:15:56 | 000,000,000 | ---- | M] () -- C:\Users\Thomas Hitscher\defogger_reenable [2012/07/16 10:23:05 | 000,050,477 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\Defogger.exe [2012/07/16 10:22:21 | 000,070,552 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012/07/13 20:35:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/12 16:21:45 | 000,458,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/12 14:39:31 | 000,001,733 | ---- | M] () -- C:\Users\Public\Desktop\FreieTonne-USB.lnk [2012/07/12 14:08:27 | 1204,512,215 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\ft-install-files.zip [2012/07/12 11:02:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/07/12 11:02:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/07/03 21:14:40 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk [2012/07/03 21:07:41 | 000,001,187 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\Any Audio Converter.lnk [2012/07/03 20:31:45 | 000,001,083 | ---- | M] () -- C:\Users\Thomas Hitscher\Desktop\Free FLV Converter.lnk [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/03 12:15:18 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2012/07/03 12:01:54 | 000,001,897 | ---- | M] () -- C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ========== Files Created - No Company Name ========== [2012/07/18 10:41:33 | 000,016,128 | ---- | C] () -- C:\Users\Thomas Hitscher\Documents\cc_20120718_104131.reg [2012/07/18 10:39:37 | 000,001,314 | ---- | C] () -- C:\Users\Thomas Hitscher\Documents\cc_20120718_103936.reg [2012/07/18 10:32:33 | 000,402,534 | ---- | C] () -- C:\Users\Thomas Hitscher\Documents\cc_20120718_103221.reg [2012/07/18 10:19:21 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/16 18:09:17 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/07/16 16:01:44 | 000,624,883 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\adwcleaner.exe [2012/07/16 15:58:05 | 000,139,264 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\SystemLook.exe [2012/07/16 15:55:55 | 000,001,583 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\LAPTOP - Verknüpfung.lnk [2012/07/16 12:47:21 | 000,302,592 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\1td0q07i.exe [2012/07/16 12:15:56 | 000,000,000 | ---- | C] () -- C:\Users\Thomas Hitscher\defogger_reenable [2012/07/16 10:23:04 | 000,050,477 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\Defogger.exe [2012/07/16 10:22:04 | 000,070,552 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012/07/12 14:39:31 | 000,001,733 | ---- | C] () -- C:\Users\Public\Desktop\FreieTonne-USB.lnk [2012/07/12 13:28:59 | 1204,512,215 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\ft-install-files.zip [2012/07/06 12:40:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/03 21:14:40 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2012/07/03 21:07:41 | 000,001,187 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\Any Audio Converter.lnk [2012/07/03 20:31:45 | 000,001,083 | ---- | C] () -- C:\Users\Thomas Hitscher\Desktop\Free FLV Converter.lnk [2012/07/03 20:31:43 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2012/07/03 20:31:43 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2012/07/03 20:31:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2012/07/03 12:01:54 | 000,001,897 | ---- | C] () -- C:\Users\Thomas Hitscher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/05/10 21:25:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2012/04/13 23:44:49 | 000,000,875 | ---- | C] () -- C:\Users\Thomas Hitscher\.DChannelDecoder.opt [2012/04/13 23:34:19 | 000,315,444 | ---- | C] () -- C:\Windows\System32\isdnapi32.dll [2012/04/13 23:34:19 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AuerCapiJNINative.dll [2012/04/13 23:34:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\AuerUsbJNINative.dll [2012/02/05 11:33:18 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012/01/31 18:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/11/09 20:52:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/11/09 20:37:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011/06/16 18:38:11 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll [2011/01/02 11:32:53 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010/12/19 17:54:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/12/18 22:48:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010/12/18 22:48:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010/12/18 22:02:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys < End of report > [/CODE] DIe Meldung erscheint noch immer... Hoffnungslos?? |
|
18.07.2012, 11:07
| #10 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi, den Eintrag in msconfig auswählen und den Haken davor wegnehmen, OK und neu Starten. Du musst dazu als Admin angemeldet sein! chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
18.07.2012, 14:59
| #11 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi Chris, hat funktioniert, keine Meldung mehr wg. roper0dun.exe. Muss jetzt noch irgendetwas gemacht werden, oder bin ich jetzt durch? Vielen vielen Dank für Deine Hilfe. Gruß Thomas |
|
18.07.2012, 15:04
| #12 |
| | Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" Hi, das sollte es erstmal gewesen sein... OTL und den Killer löschen, das Verzeichnis C:\_OTL löschen. Die restlichen Scanner (SASW) kannst Du drauf lassen und ab- und an updaten und Scannen. Um AdwCleaner zu deinstallieren: Starte AdwCleaner und klicke Uninstall und AdwCleaner wird entfernt. Rechner absichern: Zusätzlich zu Avira und der Windows-Firewall noch Threadfire-free Herunterladen Kostenlos). Zum Surfen Firefox mit den PlugIns "WOT" (http://filepony.de/?q=WOT) und "NoScript" (http://filepony.de/download-noscript//)) verwenden, einen "Guest"-Account (keine Adminrechte! XP: (Schritt 6: Eingeschränkte Rechte für Viren - Schritt für Schritt: Windows XP absichern - CHIP Online, Vista/Win7: Windows-7-Anleitung: Benutzerkonten anlegen und verwalten - NETZWELT) anlegen. chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe" |
| abgebrochen, anleitung, anti, appdata, beim starten, bild, das angegebene modul wurde nicht gefunden, ebay, eingeschränkt, forum, internet, kaspersky, laptop, links, lösung, malwarebytes, meldung, modul, neu, problem, problem beim starten von c, rechner, starten, suche, temp, thomas, trojaner-board, öffnen |
Linear-Darstellung
