| |
| |||||||
Log-Analyse und Auswertung: Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.07.2012, 21:52
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!?Code:
ATTFilter OTL by OldTimer - Version 3.2.54.0
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.07.2012, 11:34
| #17 |
 | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? alles klar, dann hier das ganze nochmal mit der neueren Version :-)
__________________Code:
ATTFilter OTL logfile created on: 29.07.2012 11:52:43 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 42,40% Memory free 3,50 Gb Paging File | 2,03 Gb Available in Paging File | 57,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 240,07 Gb Free Space | 84,15% Space Free | Partition Type: NTFS Drive D: | 7,45 Gb Total Space | 7,36 Gb Free Space | 98,76% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.07.29 11:47:16 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.03.24 00:35:05 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2010.08.11 03:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.11 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.11 03:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.21 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.01.22 19:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2010.08.11 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.24 00:25:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.03.24 00:25:14 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.08.25 03:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.07.21 03:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.04 13:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.01.22 19:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.01.22 18:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\..\SearchScopes\{600C4D58-4A68-405B-96AB-10F99457A501}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.t-online.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.05 18:30:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 15:15:46 | 000,000,000 | ---D | M] [2011.01.04 17:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.05 18:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions [2012.06.05 18:24:46 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de [2012.05.30 09:12:17 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmv6gdk2.default\searchplugins\icqplugin.xml [2012.06.05 18:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F18C1E5-7D2D-4B81-ABB6-D726E5D41432}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk D:\ O33 - MountPoints2\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe O33 - MountPoints2\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\Shell - "" = AutoRun O33 - MountPoints2\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\Shell\AutoRun\command - "" = E:\Windows\setup.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 11:50:37 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.25 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.25 17:00:00 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe ========== Files - Modified Within 30 Days ========== [2012.07.29 11:47:16 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.29 11:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.27 20:55:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.27 20:55:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.27 17:47:06 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys [2012.07.26 19:12:05 | 000,632,049 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.07.25 17:00:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.24 20:23:31 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.24 20:23:31 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.24 20:23:31 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.24 20:23:31 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.24 20:23:31 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.20 21:12:57 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.07.20 21:04:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.12 12:15:03 | 000,295,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.26 19:12:02 | 000,632,049 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.07.20 21:12:57 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.07.20 21:11:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.05.10 10:23:33 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.05.10 10:23:33 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.04.21 16:19:11 | 000,000,581 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.08 13:07:04 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.04 22:06:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.01.04 17:50:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.11.26 05:05:21 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini [2010.11.26 05:02:44 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.26 05:01:54 | 000,001,601 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2010.11.25 20:34:06 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.11.25 20:34:06 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010.11.25 20:34:06 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.11.25 20:34:06 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.11.25 20:26:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.21 20:54:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.09.21 20:45:20 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini [2010.09.21 20:45:20 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2010.09.21 20:45:20 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini ========== LOP Check ========== [2012.03.31 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alawar [2011.11.28 16:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aliasworlds [2011.09.07 08:45:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artifex Mundi [2012.01.03 10:58:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Awem [2012.02.23 11:58:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boomzap [2011.02.09 16:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.10.24 12:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarkParablesBriarRose_BFG_SE [2011.08.07 21:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dekovir [2011.07.31 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivoGames [2011.08.12 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Farm Mania 2.1 [2011.12.19 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Friday's games [2011.12.23 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Frogwares [2011.11.08 15:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Funlinker [2012.04.20 17:07:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gamehouse All My Gods [2011.08.19 11:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GamesCafe [2011.12.16 15:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gogii [2011.10.31 12:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gourmania2 [2011.11.02 11:18:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GuardiansOfMagic [2012.04.20 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.05.01 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InImages [2011.07.04 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Islands [2011.10.19 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Islands2 [2012.03.20 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Islands3 [2011.10.25 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin [2011.01.03 20:55:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.10.07 10:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeaceCraft3 [2012.03.21 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2011.11.28 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\playmink [2012.01.26 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sahmon Games [2011.10.27 19:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Silverback Productions [2012.07.18 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.03.31 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpinTop Games [2011.08.18 08:48:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Supermarket Mania 2 [2011.09.02 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\thejoyoffarming [2012.04.11 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ThreeDays2 [2011.01.08 13:08:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.06.06 11:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.12.09 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\World-Loom [2011.10.18 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\YoudaGames [2011.01.17 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2012.04.11 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom 3 Days Zoo Mystery [2012.06.21 12:10:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.06 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.03.31 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alawar [2011.11.28 16:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aliasworlds [2011.09.07 08:45:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artifex Mundi [2011.01.03 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2012.05.27 09:33:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2012.01.03 10:58:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Awem [2012.02.23 11:58:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boomzap [2011.02.09 16:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.10.24 12:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarkParablesBriarRose_BFG_SE [2011.08.07 21:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dekovir [2011.07.31 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivoGames [2011.08.12 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Farm Mania 2.1 [2011.12.19 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Friday's games [2011.12.23 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Frogwares [2011.11.08 15:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Funlinker [2012.04.20 17:07:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gamehouse All My Gods [2011.08.19 11:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GamesCafe [2011.12.16 15:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gogii [2011.10.31 12:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gourmania2 [2011.11.02 11:18:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GuardiansOfMagic [2012.04.20 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.01.17 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2011.05.01 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InImages [2011.07.04 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Islands [2011.10.19 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Islands2 [2012.03.20 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Islands3 [2011.10.25 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin [2011.01.03 20:10:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.05 18:32:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.09.21 20:58:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.07.26 19:15:44 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011.01.04 17:50:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.01.03 20:55:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.10.07 10:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeaceCraft3 [2012.03.21 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2011.11.28 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\playmink [2011.11.04 09:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Realore_Whiterra Roads Of Rome [2011.11.03 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Realore_Whiterra Roads Of Rome 3 [2012.01.26 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sahmon Games [2011.10.27 19:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Silverback Productions [2012.06.06 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.07.18 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.03.31 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpinTop Games [2011.08.18 08:48:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Supermarket Mania 2 [2011.09.02 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\thejoyoffarming [2012.04.11 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ThreeDays2 [2011.01.08 13:08:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.06.06 11:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.09.03 15:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR [2011.12.09 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\World-Loom [2011.10.18 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\YoudaGames [2011.01.17 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2012.04.11 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom 3 Days Zoo Mystery < %APPDATA%\*.exe /s > [2010.09.21 20:10:55 | 000,038,200 | ---- | M] () -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.09.21 20:27:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.09.21 20:27:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:93EB7685 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1A60DE96 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885 < End of report > |
|
29.07.2012, 17:26
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
FF - user.js - File not found
[2012.06.05 18:24:46 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de
[2012.05.30 09:12:17 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmv6gdk2.default\searchplugins\icqplugin.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2374869117-683982660-3895451400-1000\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\Shell - "" = AutoRun
O33 - MountPoints2\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\Shell\AutoRun\command - "" = E:\Windows\setup.exe /autorun
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1A60DE96
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
29.07.2012, 19:00
| #19 |
| | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Gut, das scheint soweit auch funktioniert zu haben. Musste zwar neustarten, aber das hattest du ja angekündigt. Danke nochmal für deine Hilfe und deine Mühe, ich wüsste nicht was ich sonst hätte machen sollen. Gruß, Matze Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\skin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\locale folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmv6gdk2.default\extensions\toolbar@web.de folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmv6gdk2.default\searchplugins\icqplugin.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2374869117-683982660-3895451400-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19e11bce-6f1e-11e0-8087-806e6f6e6963}\ not found.
File D:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a82be8a-9a77-11e1-bdf6-206a8a25521b}\ not found.
File E:\Windows\setup.exe /autorun not found.
ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.
ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
ADS C:\ProgramData\TEMP:93EB7685 deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:1A60DE96 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 8228302 bytes
->Temporary Internet Files folder emptied: 256065470 bytes
->Java cache emptied: 1828288 bytes
->FireFox cache emptied: 769036037 bytes
->Flash cache emptied: 141615 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3798313 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 12366139 bytes
RecycleBin emptied: 33553003 bytes
Total Files Cleaned = 1.035,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.55.0 log created on 07292012_192830
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.29 19:36:36 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
Registry entries deleted on Reboot...
|
|
29.07.2012, 20:17
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.07.2012, 20:54
| #21 |
| | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? das Programm hat nichts gefunden, ist das nun gut oder schlecht? Code:
ATTFilter 21:37:31.0602 5076 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:37:31.0617 5076 ============================================================
21:37:31.0617 5076 Current date / time: 2012/07/29 21:37:31.0617
21:37:31.0617 5076 SystemInfo:
21:37:31.0617 5076
21:37:31.0617 5076 OS Version: 6.1.7601 ServicePack: 1.0
21:37:31.0617 5076 Product type: Workstation
21:37:31.0617 5076 ComputerName: ***-PC
21:37:31.0617 5076 UserName: ***
21:37:31.0617 5076 Windows directory: C:\Windows
21:37:31.0617 5076 System windows directory: C:\Windows
21:37:31.0617 5076 Running under WOW64
21:37:31.0617 5076 Processor architecture: Intel x64
21:37:31.0617 5076 Number of processors: 1
21:37:31.0617 5076 Page size: 0x1000
21:37:31.0617 5076 Boot type: Normal boot
21:37:31.0617 5076 ============================================================
21:37:32.0600 5076 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:37:32.0616 5076 ============================================================
21:37:32.0616 5076 \Device\Harddisk0\DR0:
21:37:32.0616 5076 MBR partitions:
21:37:32.0616 5076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
21:37:32.0616 5076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
21:37:32.0616 5076 ============================================================
21:37:32.0631 5076 C: <-> \Device\Harddisk0\DR0\Partition1
21:37:32.0631 5076 ============================================================
21:37:32.0631 5076 Initialize success
21:37:32.0631 5076 ============================================================
21:37:36.0937 5112 ============================================================
21:37:36.0937 5112 Scan started
21:37:36.0937 5112 Mode: Manual; SigCheck; TDLFS;
21:37:36.0937 5112 ============================================================
21:37:37.0467 5112 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:37:37.0577 5112 1394ohci - ok
21:37:37.0608 5112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:37:37.0639 5112 ACPI - ok
21:37:37.0686 5112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:37:37.0717 5112 AcpiPmi - ok
21:37:37.0779 5112 acsock (0ec911d24f14c969e980e92e4371464d) C:\Windows\system32\DRIVERS\acsock64.sys
21:37:37.0951 5112 acsock - ok
21:37:38.0091 5112 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:37:38.0107 5112 AdobeARMservice - ok
21:37:38.0216 5112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:37:38.0232 5112 adp94xx - ok
21:37:38.0294 5112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:37:38.0341 5112 adpahci - ok
21:37:38.0372 5112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:37:38.0388 5112 adpu320 - ok
21:37:38.0419 5112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:37:38.0637 5112 AeLookupSvc - ok
21:37:38.0700 5112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:37:38.0934 5112 AFD - ok
21:37:39.0105 5112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:37:39.0137 5112 agp440 - ok
21:37:39.0199 5112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:37:39.0293 5112 ALG - ok
21:37:39.0371 5112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:37:39.0402 5112 aliide - ok
21:37:39.0464 5112 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
21:37:39.0511 5112 AMD External Events Utility - ok
21:37:39.0542 5112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:37:39.0573 5112 amdide - ok
21:37:39.0620 5112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:37:39.0698 5112 AmdK8 - ok
21:37:40.0197 5112 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
21:37:40.0447 5112 amdkmdag - ok
21:37:40.0587 5112 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
21:37:40.0650 5112 amdkmdap - ok
21:37:40.0712 5112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:37:40.0790 5112 AmdPPM - ok
21:37:40.0853 5112 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:37:40.0868 5112 amdsata - ok
21:37:40.0915 5112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:37:40.0931 5112 amdsbs - ok
21:37:40.0962 5112 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:37:40.0977 5112 amdxata - ok
21:37:41.0087 5112 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:37:41.0133 5112 AntiVirSchedulerService - ok
21:37:41.0211 5112 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:37:41.0243 5112 AntiVirService - ok
21:37:41.0305 5112 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:37:41.0492 5112 AppID - ok
21:37:41.0539 5112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:37:41.0633 5112 AppIDSvc - ok
21:37:41.0711 5112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:37:41.0789 5112 Appinfo - ok
21:37:41.0851 5112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:37:41.0882 5112 arc - ok
21:37:41.0898 5112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:37:41.0929 5112 arcsas - ok
21:37:41.0960 5112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:37:42.0023 5112 AsyncMac - ok
21:37:42.0069 5112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:37:42.0101 5112 atapi - ok
21:37:42.0194 5112 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
21:37:42.0335 5112 AtiHdmiService - ok
21:37:42.0381 5112 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:37:42.0491 5112 AtiPcie - ok
21:37:42.0615 5112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:37:42.0740 5112 AudioEndpointBuilder - ok
21:37:42.0756 5112 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:37:42.0803 5112 AudioSrv - ok
21:37:42.0896 5112 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:37:43.0037 5112 avgntflt - ok
21:37:43.0099 5112 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:37:43.0224 5112 avipbb - ok
21:37:43.0255 5112 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:37:43.0364 5112 avkmgr - ok
21:37:43.0489 5112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:37:43.0614 5112 AxInstSV - ok
21:37:43.0692 5112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:37:43.0754 5112 b06bdrv - ok
21:37:43.0817 5112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:37:43.0895 5112 b57nd60a - ok
21:37:44.0253 5112 BCM43XX (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:37:44.0472 5112 BCM43XX - ok
21:37:44.0659 5112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:37:44.0721 5112 BDESVC - ok
21:37:44.0799 5112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:37:44.0909 5112 Beep - ok
21:37:45.0018 5112 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:37:45.0143 5112 BFE - ok
21:37:45.0205 5112 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:37:45.0267 5112 BITS - ok
21:37:45.0345 5112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:37:45.0392 5112 blbdrive - ok
21:37:45.0455 5112 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:37:45.0501 5112 bowser - ok
21:37:45.0533 5112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:37:45.0657 5112 BrFiltLo - ok
21:37:45.0673 5112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:37:45.0689 5112 BrFiltUp - ok
21:37:45.0735 5112 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:37:45.0860 5112 Browser - ok
21:37:45.0907 5112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:37:45.0954 5112 Brserid - ok
21:37:45.0969 5112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:37:46.0001 5112 BrSerWdm - ok
21:37:46.0016 5112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:37:46.0094 5112 BrUsbMdm - ok
21:37:46.0110 5112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:37:46.0141 5112 BrUsbSer - ok
21:37:46.0188 5112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:37:46.0219 5112 BTHMODEM - ok
21:37:46.0281 5112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:37:46.0359 5112 bthserv - ok
21:37:46.0391 5112 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:37:46.0437 5112 cdfs - ok
21:37:46.0515 5112 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:37:46.0578 5112 cdrom - ok
21:37:46.0656 5112 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:37:46.0796 5112 CertPropSvc - ok
21:37:46.0843 5112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:37:46.0890 5112 circlass - ok
21:37:46.0937 5112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:37:46.0968 5112 CLFS - ok
21:37:47.0046 5112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:37:47.0077 5112 clr_optimization_v2.0.50727_32 - ok
21:37:47.0108 5112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:37:47.0139 5112 clr_optimization_v2.0.50727_64 - ok
21:37:47.0202 5112 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:37:47.0217 5112 clr_optimization_v4.0.30319_32 - ok
21:37:47.0264 5112 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:37:47.0280 5112 clr_optimization_v4.0.30319_64 - ok
21:37:47.0311 5112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:37:47.0358 5112 CmBatt - ok
21:37:47.0389 5112 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:37:47.0420 5112 cmdide - ok
21:37:47.0498 5112 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
21:37:47.0529 5112 CNG - ok
21:37:47.0576 5112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:37:47.0592 5112 Compbatt - ok
21:37:47.0654 5112 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:37:47.0701 5112 CompositeBus - ok
21:37:47.0748 5112 COMSysApp - ok
21:37:47.0779 5112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:37:47.0810 5112 crcdisk - ok
21:37:47.0888 5112 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:37:47.0966 5112 CryptSvc - ok
21:37:48.0138 5112 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:37:48.0185 5112 cvhsvc - ok
21:37:48.0231 5112 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
21:37:48.0372 5112 CVirtA - ok
21:37:48.0621 5112 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
21:37:48.0668 5112 CVPND - ok
21:37:48.0840 5112 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
21:37:48.0949 5112 CVPNDRVA - ok
21:37:49.0121 5112 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:37:49.0214 5112 DcomLaunch - ok
21:37:49.0277 5112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:37:49.0339 5112 defragsvc - ok
21:37:49.0417 5112 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:37:49.0495 5112 DfsC - ok
21:37:49.0557 5112 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:37:49.0604 5112 Dhcp - ok
21:37:49.0635 5112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:37:49.0698 5112 discache - ok
21:37:49.0745 5112 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:37:49.0760 5112 Disk - ok
21:37:49.0823 5112 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
21:37:49.0838 5112 DNE - ok
21:37:49.0901 5112 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:37:49.0947 5112 Dnscache - ok
21:37:49.0994 5112 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:37:50.0072 5112 dot3svc - ok
21:37:50.0088 5112 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:37:50.0150 5112 DPS - ok
21:37:50.0197 5112 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:37:50.0244 5112 drmkaud - ok
21:37:50.0337 5112 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:37:50.0478 5112 DsiWMIService - ok
21:37:50.0587 5112 dtpd - ok
21:37:50.0712 5112 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:37:50.0774 5112 DXGKrnl - ok
21:37:50.0821 5112 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:37:50.0899 5112 EapHost - ok
21:37:51.0180 5112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:37:51.0289 5112 ebdrv - ok
21:37:51.0429 5112 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:37:51.0507 5112 EFS - ok
21:37:51.0617 5112 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:37:51.0710 5112 ehRecvr - ok
21:37:51.0757 5112 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:37:51.0804 5112 ehSched - ok
21:37:51.0897 5112 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:37:52.0022 5112 ElbyCDIO - ok
21:37:52.0085 5112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:37:52.0116 5112 elxstor - ok
21:37:52.0303 5112 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:37:52.0443 5112 ePowerSvc - ok
21:37:52.0553 5112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:37:52.0584 5112 ErrDev - ok
21:37:52.0677 5112 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:37:52.0740 5112 EventSystem - ok
21:37:52.0787 5112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:37:52.0833 5112 exfat - ok
21:37:52.0865 5112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:37:52.0943 5112 fastfat - ok
21:37:53.0036 5112 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:37:53.0067 5112 Fax - ok
21:37:53.0099 5112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:37:53.0114 5112 fdc - ok
21:37:53.0145 5112 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:37:53.0192 5112 fdPHost - ok
21:37:53.0223 5112 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:37:53.0270 5112 FDResPub - ok
21:37:53.0301 5112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:37:53.0317 5112 FileInfo - ok
21:37:53.0364 5112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:37:53.0411 5112 Filetrace - ok
21:37:53.0442 5112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:37:53.0473 5112 flpydisk - ok
21:37:53.0551 5112 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:37:53.0582 5112 FltMgr - ok
21:37:53.0691 5112 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:37:53.0785 5112 FontCache - ok
21:37:53.0879 5112 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:37:53.0910 5112 FontCache3.0.0.0 - ok
21:37:53.0988 5112 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:37:54.0019 5112 FsDepends - ok
21:37:54.0050 5112 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:37:54.0066 5112 Fs_Rec - ok
21:37:54.0144 5112 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:37:54.0175 5112 fvevol - ok
21:37:54.0206 5112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:37:54.0222 5112 gagp30kx - ok
21:37:54.0300 5112 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:37:54.0362 5112 gpsvc - ok
21:37:54.0440 5112 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
21:37:54.0581 5112 GREGService - ok
21:37:54.0674 5112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:37:54.0737 5112 hcw85cir - ok
21:37:54.0830 5112 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:37:54.0908 5112 HdAudAddService - ok
21:37:54.0955 5112 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:37:54.0986 5112 HDAudBus - ok
21:37:55.0017 5112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:37:55.0049 5112 HidBatt - ok
21:37:55.0064 5112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:37:55.0095 5112 HidBth - ok
21:37:55.0111 5112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:37:55.0127 5112 HidIr - ok
21:37:55.0173 5112 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:37:55.0267 5112 hidserv - ok
21:37:55.0329 5112 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:37:55.0361 5112 HidUsb - ok
21:37:55.0407 5112 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:37:55.0517 5112 hkmsvc - ok
21:37:55.0579 5112 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:37:55.0641 5112 HomeGroupListener - ok
21:37:55.0719 5112 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:37:55.0766 5112 HomeGroupProvider - ok
21:37:55.0813 5112 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:37:55.0844 5112 HpSAMD - ok
21:37:55.0953 5112 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:37:56.0047 5112 HTTP - ok
21:37:56.0094 5112 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:37:56.0109 5112 hwpolicy - ok
21:37:56.0172 5112 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:37:56.0203 5112 i8042prt - ok
21:37:56.0281 5112 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:37:56.0297 5112 iaStorV - ok
21:37:56.0468 5112 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:37:56.0531 5112 idsvc - ok
21:37:56.0952 5112 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:37:57.0186 5112 igfx - ok
21:37:57.0311 5112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:37:57.0342 5112 iirsp - ok
21:37:57.0404 5112 iked - ok
21:37:57.0529 5112 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:37:57.0607 5112 IKEEXT - ok
21:37:57.0794 5112 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
21:37:57.0981 5112 IntcAzAudAddService - ok
21:37:58.0169 5112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:37:58.0200 5112 intelide - ok
21:37:58.0231 5112 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:37:58.0262 5112 intelppm - ok
21:37:58.0293 5112 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:37:58.0371 5112 IPBusEnum - ok
21:37:58.0418 5112 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:37:58.0527 5112 IpFilterDriver - ok
21:37:58.0590 5112 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:37:58.0668 5112 iphlpsvc - ok
21:37:58.0715 5112 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:37:58.0777 5112 IPMIDRV - ok
21:37:58.0839 5112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:37:58.0917 5112 IPNAT - ok
21:37:58.0995 5112 ipsecd - ok
21:37:59.0027 5112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:37:59.0120 5112 IRENUM - ok
21:37:59.0151 5112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:37:59.0183 5112 isapnp - ok
21:37:59.0245 5112 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:37:59.0261 5112 iScsiPrt - ok
21:37:59.0292 5112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:37:59.0307 5112 kbdclass - ok
21:37:59.0339 5112 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:37:59.0385 5112 kbdhid - ok
21:37:59.0432 5112 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:37:59.0448 5112 KeyIso - ok
21:37:59.0510 5112 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
21:37:59.0526 5112 KSecDD - ok
21:37:59.0588 5112 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
21:37:59.0604 5112 KSecPkg - ok
21:37:59.0651 5112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:37:59.0729 5112 ksthunk - ok
21:37:59.0775 5112 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:37:59.0838 5112 KtmRm - ok
21:37:59.0885 5112 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:37:59.0994 5112 L1C - ok
21:38:00.0025 5112 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
21:38:00.0041 5112 L1E - ok
21:38:00.0134 5112 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:38:00.0228 5112 LanmanServer - ok
21:38:00.0275 5112 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:38:00.0368 5112 LanmanWorkstation - ok
21:38:00.0415 5112 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:38:00.0477 5112 lltdio - ok
21:38:00.0524 5112 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:38:00.0587 5112 lltdsvc - ok
21:38:00.0602 5112 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:38:00.0649 5112 lmhosts - ok
21:38:00.0711 5112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:38:00.0727 5112 LSI_FC - ok
21:38:00.0758 5112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:38:00.0774 5112 LSI_SAS - ok
21:38:00.0805 5112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:38:00.0821 5112 LSI_SAS2 - ok
21:38:00.0836 5112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:38:00.0852 5112 LSI_SCSI - ok
21:38:00.0883 5112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:38:00.0945 5112 luafv - ok
21:38:01.0023 5112 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:38:01.0086 5112 Mcx2Svc - ok
21:38:01.0133 5112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:38:01.0164 5112 megasas - ok
21:38:01.0211 5112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:38:01.0242 5112 MegaSR - ok
21:38:01.0289 5112 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:38:01.0367 5112 MMCSS - ok
21:38:01.0398 5112 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:38:01.0460 5112 Modem - ok
21:38:01.0491 5112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:38:01.0538 5112 monitor - ok
21:38:01.0601 5112 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:38:01.0632 5112 mouclass - ok
21:38:01.0679 5112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:38:01.0694 5112 mouhid - ok
21:38:01.0741 5112 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:38:01.0772 5112 mountmgr - ok
21:38:01.0913 5112 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:38:01.0959 5112 MozillaMaintenance - ok
21:38:01.0991 5112 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:38:02.0022 5112 mpio - ok
21:38:02.0053 5112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:38:02.0115 5112 mpsdrv - ok
21:38:02.0193 5112 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:38:02.0271 5112 MpsSvc - ok
21:38:02.0303 5112 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:38:02.0349 5112 MRxDAV - ok
21:38:02.0396 5112 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:38:02.0474 5112 mrxsmb - ok
21:38:02.0537 5112 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:38:02.0599 5112 mrxsmb10 - ok
21:38:02.0646 5112 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:38:02.0661 5112 mrxsmb20 - ok
21:38:02.0708 5112 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:38:02.0724 5112 msahci - ok
21:38:02.0771 5112 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:38:02.0786 5112 msdsm - ok
21:38:02.0817 5112 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:38:02.0849 5112 MSDTC - ok
21:38:02.0895 5112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:38:02.0927 5112 Msfs - ok
21:38:02.0973 5112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:38:03.0020 5112 mshidkmdf - ok
21:38:03.0051 5112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:38:03.0067 5112 msisadrv - ok
21:38:03.0114 5112 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:38:03.0176 5112 MSiSCSI - ok
21:38:03.0176 5112 msiserver - ok
21:38:03.0223 5112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:38:03.0270 5112 MSKSSRV - ok
21:38:03.0285 5112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:38:03.0348 5112 MSPCLOCK - ok
21:38:03.0379 5112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:38:03.0441 5112 MSPQM - ok
21:38:03.0488 5112 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:38:03.0519 5112 MsRPC - ok
21:38:03.0566 5112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:38:03.0582 5112 mssmbios - ok
21:38:03.0644 5112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:38:03.0738 5112 MSTEE - ok
21:38:03.0753 5112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:38:03.0785 5112 MTConfig - ok
21:38:03.0831 5112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:38:03.0847 5112 Mup - ok
21:38:03.0894 5112 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:38:04.0003 5112 mwlPSDFilter - ok
21:38:04.0034 5112 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:38:04.0143 5112 mwlPSDNServ - ok
21:38:04.0253 5112 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:38:04.0424 5112 mwlPSDVDisk - ok
21:38:04.0533 5112 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
21:38:04.0580 5112 MWLService - ok
21:38:04.0658 5112 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:38:04.0736 5112 napagent - ok
21:38:04.0814 5112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:38:04.0861 5112 NativeWifiP - ok
21:38:04.0986 5112 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:38:05.0033 5112 NDIS - ok
21:38:05.0064 5112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:38:05.0126 5112 NdisCap - ok
21:38:05.0157 5112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:38:05.0204 5112 NdisTapi - ok
21:38:05.0267 5112 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:38:05.0345 5112 Ndisuio - ok
21:38:05.0407 5112 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:38:05.0469 5112 NdisWan - ok
21:38:05.0516 5112 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:38:05.0579 5112 NDProxy - ok
21:38:05.0625 5112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:38:05.0703 5112 NetBIOS - ok
21:38:05.0766 5112 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:38:05.0828 5112 NetBT - ok
21:38:05.0875 5112 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:05.0891 5112 Netlogon - ok
21:38:05.0937 5112 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:38:06.0015 5112 Netman - ok
21:38:06.0062 5112 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:38:06.0125 5112 netprofm - ok
21:38:06.0203 5112 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:38:06.0218 5112 NetTcpPortSharing - ok
21:38:06.0265 5112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:38:06.0296 5112 nfrd960 - ok
21:38:06.0374 5112 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:38:06.0437 5112 NlaSvc - ok
21:38:06.0749 5112 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:38:06.0827 5112 NOBU - ok
21:38:06.0936 5112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:38:06.0983 5112 Npfs - ok
21:38:07.0014 5112 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:38:07.0076 5112 nsi - ok
21:38:07.0107 5112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:38:07.0139 5112 nsiproxy - ok
21:38:07.0310 5112 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:38:07.0404 5112 Ntfs - ok
21:38:07.0513 5112 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:38:07.0544 5112 NTI IScheduleSvc - ok
21:38:07.0669 5112 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:38:07.0794 5112 NTIDrvr - ok
21:38:07.0825 5112 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:38:07.0856 5112 Null - ok
21:38:07.0919 5112 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:38:07.0950 5112 nvraid - ok
21:38:07.0981 5112 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:38:08.0012 5112 nvstor - ok
21:38:08.0043 5112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:38:08.0059 5112 nv_agp - ok
21:38:08.0090 5112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:38:08.0106 5112 ohci1394 - ok
21:38:08.0231 5112 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:38:08.0262 5112 ose - ok
21:38:08.0667 5112 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:38:08.0901 5112 osppsvc - ok
21:38:09.0026 5112 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:38:09.0057 5112 p2pimsvc - ok
21:38:09.0120 5112 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:38:09.0135 5112 p2psvc - ok
21:38:09.0198 5112 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:38:09.0229 5112 Parport - ok
21:38:09.0291 5112 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:38:09.0307 5112 partmgr - ok
21:38:09.0323 5112 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:38:09.0354 5112 PcaSvc - ok
21:38:09.0401 5112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:38:09.0432 5112 pci - ok
21:38:09.0447 5112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:38:09.0463 5112 pciide - ok
21:38:09.0510 5112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:38:09.0541 5112 pcmcia - ok
21:38:09.0557 5112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:38:09.0572 5112 pcw - ok
21:38:09.0635 5112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:38:09.0697 5112 PEAUTH - ok
21:38:09.0775 5112 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:38:09.0791 5112 PerfHost - ok
21:38:09.0915 5112 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:38:10.0009 5112 pla - ok
21:38:10.0103 5112 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:38:10.0165 5112 PlugPlay - ok
21:38:10.0212 5112 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:38:10.0259 5112 PNRPAutoReg - ok
21:38:10.0337 5112 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:38:10.0368 5112 PNRPsvc - ok
21:38:10.0446 5112 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:38:10.0524 5112 PolicyAgent - ok
21:38:10.0571 5112 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:38:10.0633 5112 Power - ok
21:38:10.0727 5112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:38:10.0805 5112 PptpMiniport - ok
21:38:10.0851 5112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:38:10.0898 5112 Processor - ok
21:38:10.0945 5112 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:38:10.0976 5112 ProfSvc - ok
21:38:11.0007 5112 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:11.0039 5112 ProtectedStorage - ok
21:38:11.0085 5112 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:38:11.0132 5112 Psched - ok
21:38:11.0273 5112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:38:11.0319 5112 ql2300 - ok
21:38:11.0429 5112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:38:11.0460 5112 ql40xx - ok
21:38:11.0491 5112 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:38:11.0522 5112 QWAVE - ok
21:38:11.0553 5112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:38:11.0585 5112 QWAVEdrv - ok
21:38:11.0631 5112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:38:11.0725 5112 RasAcd - ok
21:38:11.0787 5112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:38:11.0819 5112 RasAgileVpn - ok
21:38:11.0865 5112 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:38:11.0912 5112 RasAuto - ok
21:38:11.0959 5112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:38:12.0006 5112 Rasl2tp - ok
21:38:12.0068 5112 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:38:12.0146 5112 RasMan - ok
21:38:12.0193 5112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:38:12.0287 5112 RasPppoe - ok
21:38:12.0302 5112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:38:12.0365 5112 RasSstp - ok
21:38:12.0427 5112 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:38:12.0489 5112 rdbss - ok
21:38:12.0505 5112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:38:12.0567 5112 rdpbus - ok
21:38:12.0599 5112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:38:12.0661 5112 RDPCDD - ok
21:38:12.0692 5112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:38:12.0755 5112 RDPENCDD - ok
21:38:12.0770 5112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:38:12.0817 5112 RDPREFMP - ok
21:38:12.0864 5112 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:38:12.0911 5112 RDPWD - ok
21:38:12.0989 5112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:38:13.0020 5112 rdyboost - ok
21:38:13.0051 5112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:38:13.0113 5112 RemoteAccess - ok
21:38:13.0145 5112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:38:13.0207 5112 RemoteRegistry - ok
21:38:13.0238 5112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:38:13.0301 5112 RpcEptMapper - ok
21:38:13.0347 5112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:38:13.0379 5112 RpcLocator - ok
21:38:13.0457 5112 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:38:13.0503 5112 RpcSs - ok
21:38:13.0550 5112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:38:13.0613 5112 rspndr - ok
21:38:13.0675 5112 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\System32\Drivers\RtsUStor.sys
21:38:13.0815 5112 RSUSBSTOR - ok
21:38:13.0862 5112 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:13.0878 5112 SamSs - ok
21:38:13.0909 5112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:38:13.0925 5112 sbp2port - ok
21:38:13.0971 5112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:38:14.0034 5112 SCardSvr - ok
21:38:14.0065 5112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:38:14.0112 5112 scfilter - ok
21:38:14.0252 5112 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:38:14.0377 5112 Schedule - ok
21:38:14.0424 5112 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:38:14.0471 5112 SCPolicySvc - ok
21:38:14.0517 5112 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:38:14.0549 5112 SDRSVC - ok
21:38:14.0595 5112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:38:14.0689 5112 secdrv - ok
21:38:14.0720 5112 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:38:14.0767 5112 seclogon - ok
21:38:14.0798 5112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:38:14.0845 5112 SENS - ok
21:38:14.0876 5112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:38:14.0907 5112 SensrSvc - ok
21:38:14.0939 5112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:38:14.0954 5112 Serenum - ok
21:38:14.0985 5112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:38:15.0032 5112 Serial - ok
21:38:15.0110 5112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:38:15.0141 5112 sermouse - ok
21:38:15.0204 5112 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:38:15.0266 5112 SessionEnv - ok
21:38:15.0313 5112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:38:15.0360 5112 sffdisk - ok
21:38:15.0391 5112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:38:15.0422 5112 sffp_mmc - ok
21:38:15.0438 5112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:38:15.0469 5112 sffp_sd - ok
21:38:15.0500 5112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:38:15.0531 5112 sfloppy - ok
21:38:15.0656 5112 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:38:15.0703 5112 Sftfs - ok
21:38:15.0843 5112 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:38:15.0875 5112 sftlist - ok
21:38:15.0921 5112 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:38:15.0937 5112 Sftplay - ok
21:38:15.0953 5112 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:38:15.0968 5112 Sftredir - ok
21:38:15.0999 5112 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:38:16.0015 5112 Sftvol - ok
21:38:16.0077 5112 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:38:16.0109 5112 sftvsa - ok
21:38:16.0171 5112 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:38:16.0233 5112 SharedAccess - ok
21:38:16.0311 5112 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:38:16.0421 5112 ShellHWDetection - ok
21:38:16.0436 5112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:38:16.0452 5112 SiSRaid2 - ok
21:38:16.0483 5112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:38:16.0499 5112 SiSRaid4 - ok
21:38:16.0530 5112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:38:16.0577 5112 Smb - ok
21:38:16.0623 5112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:38:16.0670 5112 SNMPTRAP - ok
21:38:16.0701 5112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:38:16.0717 5112 spldr - ok
21:38:16.0826 5112 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:38:16.0873 5112 Spooler - ok
21:38:17.0138 5112 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:38:17.0247 5112 sppsvc - ok
21:38:17.0357 5112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:38:17.0435 5112 sppuinotify - ok
21:38:17.0513 5112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:38:17.0575 5112 srv - ok
21:38:17.0637 5112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:38:17.0700 5112 srv2 - ok
21:38:17.0747 5112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:38:17.0793 5112 srvnet - ok
21:38:17.0856 5112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:38:17.0965 5112 SSDPSRV - ok
21:38:17.0981 5112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:38:18.0043 5112 SstpSvc - ok
21:38:18.0074 5112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:38:18.0090 5112 stexstor - ok
21:38:18.0152 5112 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:38:18.0230 5112 stisvc - ok
21:38:18.0277 5112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:38:18.0308 5112 swenum - ok
21:38:18.0371 5112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:38:18.0449 5112 swprv - ok
21:38:18.0511 5112 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
21:38:18.0636 5112 SynTP - ok
21:38:18.0807 5112 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:38:18.0901 5112 SysMain - ok
21:38:19.0026 5112 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:38:19.0057 5112 TabletInputService - ok
21:38:19.0104 5112 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:38:19.0151 5112 TapiSrv - ok
21:38:19.0182 5112 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:38:19.0275 5112 TBS - ok
21:38:19.0494 5112 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:38:19.0587 5112 Tcpip - ok
21:38:19.0868 5112 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:38:19.0931 5112 TCPIP6 - ok
21:38:20.0087 5112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:38:20.0180 5112 tcpipreg - ok
21:38:20.0227 5112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:38:20.0274 5112 TDPIPE - ok
21:38:20.0305 5112 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:38:20.0336 5112 TDTCP - ok
21:38:20.0383 5112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:38:20.0461 5112 tdx - ok
21:38:20.0508 5112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:38:20.0523 5112 TermDD - ok
21:38:20.0586 5112 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:38:20.0664 5112 TermService - ok
21:38:20.0711 5112 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:38:20.0742 5112 Themes - ok
21:38:20.0789 5112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:38:20.0851 5112 THREADORDER - ok
21:38:20.0867 5112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:38:20.0929 5112 TrkWks - ok
21:38:21.0038 5112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:38:21.0116 5112 TrustedInstaller - ok
21:38:21.0147 5112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:38:21.0194 5112 tssecsrv - ok
21:38:21.0288 5112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:38:21.0335 5112 TsUsbFlt - ok
21:38:21.0413 5112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:38:21.0506 5112 tunnel - ok
21:38:21.0537 5112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:38:21.0553 5112 uagp35 - ok
21:38:21.0600 5112 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:38:21.0709 5112 UBHelper - ok
21:38:21.0771 5112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:38:21.0849 5112 udfs - ok
21:38:21.0912 5112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:38:21.0927 5112 UI0Detect - ok
21:38:21.0974 5112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:38:21.0990 5112 uliagpkx - ok
21:38:22.0021 5112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:38:22.0052 5112 umbus - ok
21:38:22.0099 5112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:38:22.0115 5112 UmPass - ok
21:38:22.0224 5112 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:38:22.0349 5112 Updater Service - ok
21:38:22.0489 5112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:38:22.0567 5112 upnphost - ok
21:38:22.0614 5112 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:38:22.0661 5112 usbccgp - ok
21:38:22.0707 5112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:38:22.0723 5112 usbcir - ok
21:38:22.0754 5112 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:38:22.0785 5112 usbehci - ok
21:38:22.0848 5112 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
21:38:23.0004 5112 usbfilter - ok
21:38:23.0066 5112 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:38:23.0129 5112 usbhub - ok
21:38:23.0160 5112 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:38:23.0191 5112 usbohci - ok
21:38:23.0222 5112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:38:23.0253 5112 usbprint - ok
21:38:23.0316 5112 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:38:23.0347 5112 usbscan - ok
21:38:23.0378 5112 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:38:23.0425 5112 USBSTOR - ok
21:38:23.0472 5112 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:38:23.0503 5112 usbuhci - ok
21:38:23.0550 5112 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:38:23.0581 5112 usbvideo - ok
21:38:23.0612 5112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:38:23.0675 5112 UxSms - ok
21:38:23.0721 5112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:23.0737 5112 VaultSvc - ok
21:38:23.0799 5112 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
21:38:23.0955 5112 VClone - ok
21:38:24.0080 5112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:38:24.0111 5112 vdrvroot - ok
21:38:24.0189 5112 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:38:24.0267 5112 vds - ok
21:38:24.0314 5112 vflt (00c7df4f50962ba218ab60d32869100b) C:\Windows\system32\DRIVERS\vfilter.sys
21:38:24.0361 5112 vflt - ok
21:38:24.0423 5112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:38:24.0455 5112 vga - ok
21:38:24.0486 5112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:38:24.0548 5112 VgaSave - ok
21:38:24.0595 5112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:38:24.0626 5112 vhdmp - ok
21:38:24.0642 5112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:38:24.0657 5112 viaide - ok
21:38:24.0673 5112 vnet (a99ca064ad11266fe7067a79bf78bbb5) C:\Windows\system32\DRIVERS\virtualnet.sys
21:38:24.0735 5112 vnet - ok
21:38:24.0767 5112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:38:24.0798 5112 volmgr - ok
21:38:24.0860 5112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:38:24.0891 5112 volmgrx - ok
21:38:24.0954 5112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:38:25.0001 5112 volsnap - ok
21:38:25.0110 5112 vpnagent (0e097e4d63e39fd2583db1cf5cfe3ad5) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
21:38:25.0141 5112 vpnagent - ok
21:38:25.0172 5112 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
21:38:25.0188 5112 vpnva - ok
21:38:25.0235 5112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:38:25.0250 5112 vsmraid - ok
21:38:25.0422 5112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:38:25.0531 5112 VSS - ok
21:38:25.0656 5112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:38:25.0703 5112 vwifibus - ok
21:38:25.0734 5112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:38:25.0796 5112 vwififlt - ok
21:38:25.0874 5112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:38:25.0937 5112 W32Time - ok
21:38:25.0968 5112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:38:25.0999 5112 WacomPen - ok
21:38:26.0046 5112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:38:26.0124 5112 WANARP - ok
21:38:26.0139 5112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:38:26.0186 5112 Wanarpv6 - ok
21:38:26.0358 5112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:38:26.0436 5112 WatAdminSvc - ok
21:38:26.0576 5112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:38:26.0654 5112 wbengine - ok
21:38:26.0779 5112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:38:26.0826 5112 WbioSrvc - ok
21:38:26.0888 5112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:38:26.0935 5112 wcncsvc - ok
21:38:26.0951 5112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:38:26.0997 5112 WcsPlugInService - ok
21:38:27.0091 5112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:38:27.0122 5112 Wd - ok
21:38:27.0216 5112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:38:27.0247 5112 Wdf01000 - ok
21:38:27.0278 5112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:38:27.0403 5112 WdiServiceHost - ok
21:38:27.0419 5112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:38:27.0434 5112 WdiSystemHost - ok
21:38:27.0497 5112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:38:27.0559 5112 WebClient - ok
21:38:27.0621 5112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:38:27.0699 5112 Wecsvc - ok
21:38:27.0731 5112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:38:27.0793 5112 wercplsupport - ok
21:38:27.0824 5112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:38:27.0887 5112 WerSvc - ok
21:38:27.0965 5112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:38:28.0027 5112 WfpLwf - ok
21:38:28.0043 5112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:38:28.0058 5112 WIMMount - ok
21:38:28.0089 5112 WinDefend - ok
21:38:28.0105 5112 WinHttpAutoProxySvc - ok
21:38:28.0183 5112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:38:28.0245 5112 Winmgmt - ok
21:38:28.0401 5112 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:38:28.0526 5112 WinRM - ok
21:38:28.0698 5112 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:38:28.0745 5112 WinUsb - ok
21:38:28.0854 5112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:38:28.0932 5112 Wlansvc - ok
21:38:28.0994 5112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:38:29.0041 5112 WmiAcpi - ok
21:38:29.0119 5112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:38:29.0181 5112 wmiApSrv - ok
21:38:29.0228 5112 WMPNetworkSvc - ok
21:38:29.0259 5112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:38:29.0306 5112 WPCSvc - ok
21:38:29.0353 5112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:38:29.0369 5112 WPDBusEnum - ok
21:38:29.0415 5112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:38:29.0447 5112 ws2ifsl - ok
21:38:29.0478 5112 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:38:29.0525 5112 wscsvc - ok
21:38:29.0525 5112 WSearch - ok
21:38:29.0774 5112 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:38:29.0868 5112 wuauserv - ok
21:38:29.0977 5112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:38:30.0086 5112 WudfPf - ok
21:38:30.0133 5112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:38:30.0195 5112 WUDFRd - ok
21:38:30.0242 5112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:38:30.0289 5112 wudfsvc - ok
21:38:30.0320 5112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:38:30.0398 5112 WwanSvc - ok
21:38:30.0461 5112 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:38:30.0819 5112 \Device\Harddisk0\DR0 - ok
21:38:30.0835 5112 Boot (0x1200) (5696e3be1841692ed9f6fe78fe2e5b78) \Device\Harddisk0\DR0\Partition0
21:38:30.0835 5112 \Device\Harddisk0\DR0\Partition0 - ok
21:38:30.0866 5112 Boot (0x1200) (cbdf352542589cd25810e1cb8c2c855e) \Device\Harddisk0\DR0\Partition1
21:38:30.0866 5112 \Device\Harddisk0\DR0\Partition1 - ok
21:38:30.0882 5112 ============================================================
21:38:30.0882 5112 Scan finished
21:38:30.0882 5112 ============================================================
21:38:30.0897 1744 Detected object count: 0
21:38:30.0897 1744 Actual detected object count: 0
|
|
30.07.2012, 08:22
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.07.2012, 20:12
| #23 |
| | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? hier de Bericht von ComboFix, es lief soweit alles glatt. Code:
ATTFilter ComboFix 12-07-30.01 - *** 30.07.2012 19:50:15.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1790.875 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\SysWow64\lsprst7.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-28 bis 2012-07-30 ))))))))))))))))))))))))))))))
.
.
2012-07-30 18:40 . 2012-07-30 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 17:28 . 2012-07-29 17:28 -------- d-----w- C:\_OTL
2012-07-27 22:02 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CA4E710-AF2C-41C7-956A-5FBF64173C44}\mpengine.dll
2012-07-25 15:00 . 2012-07-25 15:00 -------- d-----w- c:\program files (x86)\ESET
2012-07-12 08:42 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:05 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 08:36 . 2011-01-23 19:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2012-06-05 16:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 13:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 13:52 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:52 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 13:52 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 13:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 13:51 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-03-07 12:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 10:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 10:41 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 10:41 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 13:24 . 2012-05-27 07:28 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-03-23 519632]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-03-23 94864]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-07-21 247400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-03-23 435152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-25 76912]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\bmv6gdk2.default\
FF - prefs.js: browser.startup.homepage - www.t-online.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-30 21:03:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-30 19:03
.
Vor Suchlauf: 9 Verzeichnis(se), 258.168.909.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 257.561.456.640 Bytes frei
.
- - End Of File - - F085502C268FE494D91E41B69D05F5F6
|
|
30.07.2012, 21:20
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2012, 17:39
| #25 |
| | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? also GMER schrieb folgendes: "GMER has not found any system modifications." Ich lass grad jetzt die beiden anderen Programme drüberlaufen... und nun die beiden anderen Berichte. Gruß, Matze Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:43:21 on 31.07.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 13.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acsock" (acsock) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsock64.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys (File found, but it contains no detailed information) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll {B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.4" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.4\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k "Cisco AnyConnect Secure Mobility Agent for Windows" - "Cisco Systems, Inc." - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized "LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe "GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe "Norton Online Backup" (NOBU) - "Symantec Corporation" - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe "NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "ShrewSoft DNS Proxy Daemon" (dtpd) - ? - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe (File found, but it contains no detailed information) "ShrewSoft IKE Daemon" (iked) - ? - C:\Program Files\ShrewSoft\VPN Client\iked.exe (File found, but it contains no detailed information) "ShrewSoft IPSEC Daemon" (ipsecd) - ? - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (File found, but it contains no detailed information) "Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-31 18:43:55
-----------------------------
18:43:55.795 OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:55.795 Number of processors: 1 586 0x603
18:43:55.810 ComputerName: ***-PC UserName: ***
18:43:56.590 Initialize success
18:46:00.505 AVAST engine defs: 12073101
18:46:51.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:46:51.829 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
18:46:51.860 Disk 0 MBR read successfully
18:46:51.860 Disk 0 MBR scan
18:46:51.860 Disk 0 Windows VISTA default MBR code
18:46:51.876 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
18:46:51.907 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
18:46:51.938 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292143 MB offset 26830848
18:46:51.954 Disk 0 scanning C:\Windows\system32\drivers
18:47:04.449 Service scanning
18:47:44.214 Modules scanning
18:47:44.229 Disk 0 trace - called modules:
18:47:44.260 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:47:44.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002214060]
18:47:44.806 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001f94060]
18:47:45.586 AVAST engine scan C:\Windows
18:47:50.422 AVAST engine scan C:\Windows\system32
18:51:46.700 AVAST engine scan C:\Windows\system32\drivers
18:52:01.817 AVAST engine scan C:\Users\***
18:53:00.520 AVAST engine scan C:\ProgramData
18:54:08.832 Scan finished successfully
18:54:53.885 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:54:53.901 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBRLog.txt"
|
|
01.08.2012, 16:21
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.08.2012, 19:43
| #27 |
| | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? das hört sich doch mal gut an, vielen Dank schonmal  Also dann hier mal die Logs von Malwarebytes und Superantispyware.Gruß, Matze P.S.: Konntest du erkennen, ob auf dem Laptop ein Virus oder etwas in der Art war? Das ein odere andere Programm hat ja immer mal wieder etwas gefunden... Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.02.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 02.08.2012 19:12:20 mbam-log-2012-08-02 (19-12-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 327528 Laufzeit: 1 Stunde(n), 17 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/01/2012 at 10:59 PM
Application Version : 5.5.1012
Core Rules Database Version : 8992
Trace Rules Database Version: 6804
Scan type : Complete Scan
Total Scan Time : 00:59:13
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 749
Memory threats detected : 0
Registry items scanned : 65021
Registry threats detected : 0
File items scanned : 48428
File threats detected : 595
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@advertising[2].txt [ /advertising ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adx.chip[2].txt [ /adx.chip ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@cdn.at.atwola[1].txt [ /cdn.at.atwola ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@statse.webtrendslive[1].txt [ /statse.webtrendslive ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@yadro[2].txt [ /yadro ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C285J65R.txt [ /doubleclick.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\YSQNAO3G.txt [ /www.zanox-affiliate.de ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5BP57IJR.txt [ /adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DBY03DIM.txt [ /tracking.quisma.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\38FRHPVL.txt [ /ad.zanox.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5PEWSC01.txt [ /zanox-affiliate.de ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\V00RCIT3.txt [ /fastclick.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\B6SJ66VH.txt [ /adform.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5O5VLU2S.txt [ /ad2.adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\F4I7HXLK.txt [ /mediaplex.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EB8IQNXW.txt [ /apmebf.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EPY999U3.txt [ /adserver.gs ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XZ5BVBWO.txt [ /tradedoubler.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ASJPJED8.txt [ /zanox.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SYGL5RUA.txt [ /invitemedia.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3NIVJ40Z.txt [ /c.atdmt.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EF9GKS3U.txt [ /atdmt.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\95B3T6L7.txt [ /ad1.adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DL0J7Z0F.txt [ /track.adform.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8BTDKQ2W.txt [ /imrworldwide.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\KKYLDOBX.txt [ /smartadserver.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XL01NGQP.txt [ /serving-sys.com ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\HRW171BF.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\AHTRTCSI.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDCC4CKN.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@content.yieldmanager[2].txt [ Cookie:***@content.yieldmanager.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@tracking.quisma[2].txt [ Cookie:***@tracking.quisma.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\GM16QBCB.txt [ Cookie:***@adx.chip.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@adviva[1].txt [ Cookie:***@adviva.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ad.zanox[1].txt [ Cookie:***@ad.zanox.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ad.yieldmanager[2].txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:***@microsoftinternetexplorer.112.2o7.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@zanox-affiliate[1].txt [ Cookie:***@zanox-affiliate.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@fastclick[1].txt [ Cookie:***@fastclick.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@www.googleadservices[1].txt [ Cookie:***@www.googleadservices.com/pagead/conversion/993119703/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@unitymedia[2].txt [ Cookie:***@unitymedia.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2TN8IXF.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\F95ZHM5F.txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1TSOVM19.txt [ Cookie:***@revsci.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@zanox[1].txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\VHIGMI1R.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@content.yieldmanager[3].txt [ Cookie:***@content.yieldmanager.com/ak/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@yadro[2].txt [ Cookie:***@yadro.ru/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@msnportal.112.2o7[1].txt [ Cookie:***@msnportal.112.2o7.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@xiti[1].txt [ Cookie:***@xiti.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\MKSLZ516.txt [ Cookie:***@atdmt.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@imrworldwide[2].txt [ Cookie:***@imrworldwide.com/cgi-bin ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJ966IVA.txt [ Cookie:***@serving-sys.com/ ]
C:\USERS\***\Cookies\C285J65R.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\Cookies\YSQNAO3G.txt [ Cookie:***@www.zanox-affiliate.de/ ]
C:\USERS\***\Cookies\5BP57IJR.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\Cookies\***@content.yieldmanager[1].txt [ Cookie:***@content.yieldmanager.com/ ]
C:\USERS\***\Cookies\DBY03DIM.txt [ Cookie:***@tracking.quisma.com/ ]
C:\USERS\***\Cookies\***@adx.chip[2].txt [ Cookie:***@adx.chip.de/ ]
C:\USERS\***\Cookies\***@cdn.at.atwola[1].txt [ Cookie:***@cdn.at.atwola.com/ ]
C:\USERS\***\Cookies\38FRHPVL.txt [ Cookie:***@ad.zanox.com/ ]
C:\USERS\***\Cookies\***@ad.yieldmanager[1].txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\Cookies\5PEWSC01.txt [ Cookie:***@zanox-affiliate.de/ ]
C:\USERS\***\Cookies\V00RCIT3.txt [ Cookie:***@fastclick.net/ ]
C:\USERS\***\Cookies\***@advertising[2].txt [ Cookie:***@advertising.com/ ]
C:\USERS\***\Cookies\B6SJ66VH.txt [ Cookie:***@adform.net/ ]
C:\USERS\***\Cookies\5O5VLU2S.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\F4I7HXLK.txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\Cookies\XZ5BVBWO.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\Cookies\ASJPJED8.txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\Cookies\***@yadro[2].txt [ Cookie:***@yadro.ru/ ]
C:\USERS\***\Cookies\EF9GKS3U.txt [ Cookie:***@atdmt.com/ ]
C:\USERS\***\Cookies\95B3T6L7.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\DL0J7Z0F.txt [ Cookie:***@track.adform.net/ ]
C:\USERS\***\Cookies\***@tacoda.at.atwola[1].txt [ Cookie:***@tacoda.at.atwola.com/ ]
C:\USERS\***\Cookies\8BTDKQ2W.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
C:\USERS\***\Cookies\XL01NGQP.txt [ Cookie:***@serving-sys.com/ ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.vodafonegroup.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.livingo.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.livingo.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.3pagen.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.cunda.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
stat.aldi.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.loyaltypartner.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adserver.gs [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads.247activemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adsrv1.admediate.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.nhhotelessa.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.shop2market.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.aim4media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.c1.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.opodo.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.horyzon-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.horyzon-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.horyzon-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.horyzon-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.rezidor.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ihg.db.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.holidaycheckag.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.daimlerag.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
weihnachtsmarkt-finder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
media1.comnos.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
media.stage-entertainment.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserver.fck.onvert.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
advertising.youdagames.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.fettspielen.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.fettspielen.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.stepstone.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserv.kwick.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserv.kwick.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ikea.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
banner.testberichte.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
e2.emediate.se [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.thomascookag.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ads2.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.microsoftwllivemkt.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads2.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ads3.net2day.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tuiinteractive.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
commons.wikimedia.org [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserver.gb5.motorpresse.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
messagespace.advertserve.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.oxtrack.cafebabel.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.snapfish.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
s08.flagcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserver.flughafen-stuttgart.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserver.flughafen-stuttgart.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.quartermedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.quartermedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.kaspersky.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
a.visualrevenue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adserver.flughafen-stuttgart.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
server.adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
server.adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adformdsp.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMV6GDK2.DEFAULT\COOKIES.SQLITE ]
Geändert von Matze01 (02.08.2012 um 19:48 Uhr) |
|
03.08.2012, 16:06
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!?Code:
ATTFilter UAC On - Limited User
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.08.2012, 16:29
| #29 |
| | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? ne ich dachte eigentlich mit Rechtsklick und "Als Administrator ausführen" Soll ich es nochmal drüberlaufen lassen? |
|
03.08.2012, 20:19
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? Nein, dann ist das ein Bug von diesem Programm, hab ich schon öfter beobachtet  Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows-Verschüsselungstrojaner weg und irgendwie doch nicht?!? |
| adobe, antivirus, autorun, avira, entfernen, explorer, firefox, format, frage, home, hängen, keylogger, launch, locker, logfile, mail-account, malwarebytes, microsoft, mozilla, mywinlocker, nicht mehr öffnen, opera, plug-in, problem, programme, realtek, registry, scan, searchscopes, symantec, undelivered, warnung |
Linear-Darstellung
