| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win32/Sirefef.FC TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.09.2012, 21:33
| #31 |
 |  Win32/Sirefef.FC Trojaner Mit "fixen" meintest du sicher die Aktion "cure" auswählen, oder? Habe ich getan, neugestartet und nach erneutem Scan folgende Log erhalten: Code:
ATTFilter 22:30:54.0913 2400 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:30:55.0006 2400 ============================================================
22:30:55.0006 2400 Current date / time: 2012/09/12 22:30:55.0006
22:30:55.0006 2400 SystemInfo:
22:30:55.0006 2400
22:30:55.0006 2400 OS Version: 6.1.7601 ServicePack: 1.0
22:30:55.0006 2400 Product type: Workstation
22:30:55.0006 2400 ComputerName: COCO-PC
22:30:55.0006 2400 UserName: Coco
22:30:55.0006 2400 Windows directory: C:\Windows
22:30:55.0006 2400 System windows directory: C:\Windows
22:30:55.0006 2400 Processor architecture: Intel x86
22:30:55.0006 2400 Number of processors: 1
22:30:55.0006 2400 Page size: 0x1000
22:30:55.0006 2400 Boot type: Normal boot
22:30:55.0006 2400 ============================================================
22:30:55.0553 2400 BG loaded
22:30:55.0866 2400 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:30:55.0881 2400 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x939E, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
22:30:55.0881 2400 ============================================================
22:30:55.0881 2400 \Device\Harddisk1\DR1:
22:30:55.0881 2400 MBR partitions:
22:30:55.0881 2400 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
22:30:55.0881 2400 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x10E74800
22:30:55.0881 2400 \Device\Harddisk0\DR0:
22:30:55.0881 2400 MBR partitions:
22:30:55.0881 2400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:30:55.0881 2400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x992F800
22:30:55.0881 2400 ============================================================
22:30:55.0897 2400 C: <-> \Device\Harddisk0\DR0\Partition2
22:30:55.0897 2400 E: <-> \Device\Harddisk1\DR1\Partition1
22:30:55.0897 2400 F: <-> \Device\Harddisk1\DR1\Partition2
22:30:55.0897 2400 ============================================================
22:30:55.0897 2400 Initialize success
22:30:55.0897 2400 ============================================================
22:31:01.0915 3920 ============================================================
22:31:01.0915 3920 Scan started
22:31:01.0915 3920 Mode: Manual; SigCheck; TDLFS;
22:31:01.0915 3920 ============================================================
22:31:02.0415 3920 ================ Scan system memory ========================
22:31:02.0415 3920 System memory - ok
22:31:02.0430 3920 ================ Scan services =============================
22:31:02.0571 3920 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:31:02.0649 3920 1394ohci - ok
22:31:02.0711 3920 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:31:02.0727 3920 ACPI - ok
22:31:02.0758 3920 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:31:02.0774 3920 AcpiPmi - ok
22:31:02.0883 3920 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:31:02.0899 3920 AdobeARMservice - ok
22:31:02.0977 3920 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:31:02.0993 3920 AdobeFlashPlayerUpdateSvc - ok
22:31:03.0040 3920 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:31:03.0071 3920 adp94xx - ok
22:31:03.0102 3920 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:31:03.0118 3920 adpahci - ok
22:31:03.0149 3920 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:31:03.0165 3920 adpu320 - ok
22:31:03.0211 3920 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:31:03.0227 3920 AeLookupSvc - ok
22:31:03.0290 3920 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:31:03.0305 3920 AFD - ok
22:31:03.0336 3920 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:31:03.0336 3920 agp440 - ok
22:31:03.0383 3920 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:31:03.0399 3920 aic78xx - ok
22:31:03.0555 3920 [ 7997B6F02CBDA0E31FA18CC85871B938 ] ALCXWDM C:\Windows\system32\drivers\RTKVAC.SYS
22:31:03.0649 3920 ALCXWDM - ok
22:31:03.0727 3920 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:31:03.0743 3920 ALG - ok
22:31:03.0774 3920 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:31:03.0790 3920 aliide - ok
22:31:03.0821 3920 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:31:03.0836 3920 amdagp - ok
22:31:03.0852 3920 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:31:03.0852 3920 amdide - ok
22:31:03.0899 3920 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:31:03.0915 3920 AmdK8 - ok
22:31:03.0946 3920 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:31:03.0961 3920 AmdPPM - ok
22:31:04.0008 3920 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:31:04.0024 3920 amdsata - ok
22:31:04.0055 3920 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:31:04.0071 3920 amdsbs - ok
22:31:04.0102 3920 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:31:04.0118 3920 amdxata - ok
22:31:04.0149 3920 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:31:04.0180 3920 AppID - ok
22:31:04.0211 3920 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:31:04.0243 3920 AppIDSvc - ok
22:31:04.0274 3920 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:31:04.0305 3920 Appinfo - ok
22:31:04.0336 3920 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:31:04.0352 3920 Apple Mobile Device - ok
22:31:04.0399 3920 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
22:31:04.0415 3920 AppMgmt - ok
22:31:04.0461 3920 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
22:31:04.0477 3920 arc - ok
22:31:04.0508 3920 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:31:04.0524 3920 arcsas - ok
22:31:04.0555 3920 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:04.0571 3920 AsyncMac - ok
22:31:04.0602 3920 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:31:04.0618 3920 atapi - ok
22:31:04.0805 3920 [ 712D8A95E45B070114C5309ADA7358FF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:04.0883 3920 atikmdag - ok
22:31:04.0930 3920 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:31:04.0961 3920 AudioEndpointBuilder - ok
22:31:04.0977 3920 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:31:05.0024 3920 Audiosrv - ok
22:31:05.0055 3920 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:31:05.0071 3920 AxInstSV - ok
22:31:05.0118 3920 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
22:31:05.0149 3920 b06bdrv - ok
22:31:05.0180 3920 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:31:05.0196 3920 b57nd60x - ok
22:31:05.0258 3920 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:31:05.0274 3920 BDESVC - ok
22:31:05.0305 3920 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:31:05.0336 3920 Beep - ok
22:31:05.0352 3920 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:31:05.0368 3920 blbdrive - ok
22:31:05.0430 3920 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:31:05.0446 3920 Bonjour Service - ok
22:31:05.0477 3920 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:31:05.0477 3920 bowser - ok
22:31:05.0508 3920 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:31:05.0524 3920 BrFiltLo - ok
22:31:05.0555 3920 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:31:05.0571 3920 BrFiltUp - ok
22:31:05.0602 3920 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
22:31:05.0633 3920 Browser - ok
22:31:05.0649 3920 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:31:05.0680 3920 Brserid - ok
22:31:05.0727 3920 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:31:05.0743 3920 BrSerWdm - ok
22:31:05.0790 3920 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:31:05.0805 3920 BrUsbMdm - ok
22:31:05.0836 3920 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:31:05.0852 3920 BrUsbSer - ok
22:31:05.0883 3920 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:31:05.0899 3920 BTHMODEM - ok
22:31:05.0946 3920 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:31:05.0977 3920 bthserv - ok
22:31:06.0008 3920 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:31:06.0040 3920 cdfs - ok
22:31:06.0086 3920 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:31:06.0102 3920 cdrom - ok
22:31:06.0149 3920 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:31:06.0180 3920 CertPropSvc - ok
22:31:06.0211 3920 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
22:31:06.0227 3920 circlass - ok
22:31:06.0258 3920 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:31:06.0274 3920 CLFS - ok
22:31:06.0336 3920 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:31:06.0336 3920 clr_optimization_v2.0.50727_32 - ok
22:31:06.0415 3920 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:31:06.0430 3920 clr_optimization_v4.0.30319_32 - ok
22:31:06.0446 3920 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:31:06.0461 3920 CmBatt - ok
22:31:06.0493 3920 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:31:06.0493 3920 cmdide - ok
22:31:06.0540 3920 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:31:06.0571 3920 CNG - ok
22:31:06.0571 3920 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:31:06.0586 3920 Compbatt - ok
22:31:06.0618 3920 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:31:06.0633 3920 CompositeBus - ok
22:31:06.0665 3920 COMSysApp - ok
22:31:06.0727 3920 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:31:06.0743 3920 crcdisk - ok
22:31:06.0790 3920 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:31:06.0805 3920 CryptSvc - ok
22:31:06.0852 3920 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
22:31:06.0868 3920 CSC - ok
22:31:06.0899 3920 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
22:31:06.0915 3920 CscService - ok
22:31:06.0961 3920 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:31:06.0995 3920 DcomLaunch - ok
22:31:07.0026 3920 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:31:07.0073 3920 defragsvc - ok
22:31:07.0088 3920 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:31:07.0120 3920 DfsC - ok
22:31:07.0182 3920 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:31:07.0213 3920 Dhcp - ok
22:31:07.0229 3920 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:31:07.0276 3920 discache - ok
22:31:07.0307 3920 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
22:31:07.0323 3920 Disk - ok
22:31:07.0354 3920 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
22:31:07.0370 3920 dmvsc - ok
22:31:07.0385 3920 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:31:07.0401 3920 Dnscache - ok
22:31:07.0448 3920 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:31:07.0479 3920 dot3svc - ok
22:31:07.0510 3920 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:31:07.0541 3920 DPS - ok
22:31:07.0573 3920 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:31:07.0588 3920 drmkaud - ok
22:31:07.0635 3920 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:31:07.0666 3920 DXGKrnl - ok
22:31:07.0713 3920 [ 04238864710460C5682E260207D06192 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
22:31:07.0729 3920 eamonm - ok
22:31:07.0760 3920 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:31:07.0791 3920 EapHost - ok
22:31:07.0916 3920 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
22:31:07.0979 3920 ebdrv - ok
22:31:07.0995 3920 efavdrv - ok
22:31:08.0026 3920 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:31:08.0041 3920 EFS - ok
22:31:08.0073 3920 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
22:31:08.0088 3920 ehdrv - ok
22:31:08.0151 3920 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:31:08.0182 3920 ehRecvr - ok
22:31:08.0198 3920 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:31:08.0213 3920 ehSched - ok
22:31:08.0291 3920 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
22:31:08.0323 3920 ekrn - ok
22:31:08.0370 3920 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:31:08.0385 3920 elxstor - ok
22:31:08.0432 3920 [ 5BA193CA0AE31209AAA39939CE6736B2 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
22:31:08.0448 3920 epfw - ok
22:31:08.0463 3920 [ 9CEFD59C8E5EBFB48165AEF54617F539 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
22:31:08.0479 3920 EpfwLWF - ok
22:31:08.0510 3920 [ 7144A06AC105A2A7302944602E415EC1 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
22:31:08.0526 3920 epfwwfp - ok
22:31:08.0541 3920 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:31:08.0557 3920 ErrDev - ok
22:31:08.0620 3920 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:31:08.0651 3920 EventSystem - ok
22:31:08.0713 3920 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:31:08.0745 3920 exfat - ok
22:31:08.0791 3920 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:31:08.0823 3920 fastfat - ok
22:31:08.0870 3920 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:31:08.0885 3920 Fax - ok
22:31:08.0901 3920 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:31:08.0916 3920 fdc - ok
22:31:08.0948 3920 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:31:08.0979 3920 fdPHost - ok
22:31:08.0995 3920 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:31:09.0026 3920 FDResPub - ok
22:31:09.0057 3920 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:31:09.0073 3920 FileInfo - ok
22:31:09.0088 3920 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:31:09.0135 3920 Filetrace - ok
22:31:09.0135 3920 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:09.0151 3920 flpydisk - ok
22:31:09.0198 3920 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:31:09.0213 3920 FltMgr - ok
22:31:09.0260 3920 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
22:31:09.0291 3920 FontCache - ok
22:31:09.0354 3920 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:31:09.0354 3920 FontCache3.0.0.0 - ok
22:31:09.0385 3920 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:31:09.0401 3920 FsDepends - ok
22:31:09.0448 3920 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:31:09.0448 3920 Fs_Rec - ok
22:31:09.0526 3920 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:31:09.0541 3920 fvevol - ok
22:31:09.0573 3920 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:31:09.0588 3920 gagp30kx - ok
22:31:09.0620 3920 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:09.0620 3920 GEARAspiWDM - ok
22:31:09.0666 3920 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:31:09.0713 3920 gpsvc - ok
22:31:09.0745 3920 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:31:09.0760 3920 hcw85cir - ok
22:31:09.0776 3920 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:31:09.0807 3920 HDAudBus - ok
22:31:09.0823 3920 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:31:09.0838 3920 HidBatt - ok
22:31:09.0870 3920 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:31:09.0885 3920 HidBth - ok
22:31:09.0916 3920 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:31:09.0932 3920 HidIr - ok
22:31:09.0963 3920 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:31:09.0995 3920 hidserv - ok
22:31:10.0041 3920 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:31:10.0057 3920 HidUsb - ok
22:31:10.0088 3920 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:31:10.0120 3920 hkmsvc - ok
22:31:10.0151 3920 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:31:10.0166 3920 HomeGroupListener - ok
22:31:10.0198 3920 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:31:10.0213 3920 HomeGroupProvider - ok
22:31:10.0245 3920 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:31:10.0260 3920 HpSAMD - ok
22:31:10.0307 3920 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:31:10.0338 3920 HTTP - ok
22:31:10.0370 3920 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:31:10.0385 3920 hwpolicy - ok
22:31:10.0416 3920 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:31:10.0432 3920 i8042prt - ok
22:31:10.0463 3920 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:31:10.0495 3920 iaStorV - ok
22:31:10.0541 3920 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:31:10.0573 3920 idsvc - ok
22:31:10.0620 3920 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:31:10.0635 3920 iirsp - ok
22:31:10.0713 3920 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:31:10.0760 3920 IKEEXT - ok
22:31:10.0776 3920 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:31:10.0791 3920 intelide - ok
22:31:10.0838 3920 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
22:31:10.0854 3920 intelppm - ok
22:31:10.0885 3920 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:31:10.0932 3920 IPBusEnum - ok
22:31:10.0948 3920 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:10.0979 3920 IpFilterDriver - ok
22:31:10.0995 3920 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:31:11.0010 3920 IPMIDRV - ok
22:31:11.0041 3920 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:31:11.0073 3920 IPNAT - ok
22:31:11.0120 3920 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:31:11.0151 3920 iPod Service - ok
22:31:11.0182 3920 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:31:11.0198 3920 IRENUM - ok
22:31:11.0229 3920 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:31:11.0245 3920 isapnp - ok
22:31:11.0276 3920 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:31:11.0291 3920 iScsiPrt - ok
22:31:11.0323 3920 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:11.0338 3920 kbdclass - ok
22:31:11.0370 3920 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:11.0385 3920 kbdhid - ok
22:31:11.0416 3920 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:31:11.0432 3920 KeyIso - ok
22:31:11.0463 3920 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:31:11.0479 3920 KSecDD - ok
22:31:11.0495 3920 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:31:11.0510 3920 KSecPkg - ok
22:31:11.0541 3920 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:31:11.0588 3920 KtmRm - ok
22:31:11.0620 3920 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:31:11.0651 3920 LanmanServer - ok
22:31:11.0745 3920 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:31:11.0776 3920 LanmanWorkstation - ok
22:31:11.0838 3920 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:31:11.0870 3920 lltdio - ok
22:31:11.0885 3920 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:31:11.0932 3920 lltdsvc - ok
22:31:11.0948 3920 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:31:11.0979 3920 lmhosts - ok
22:31:12.0026 3920 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:31:12.0026 3920 LSI_FC - ok
22:31:12.0073 3920 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:31:12.0088 3920 LSI_SAS - ok
22:31:12.0120 3920 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:31:12.0135 3920 LSI_SAS2 - ok
22:31:12.0151 3920 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:31:12.0166 3920 LSI_SCSI - ok
22:31:12.0182 3920 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:31:12.0229 3920 luafv - ok
22:31:12.0291 3920 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:31:12.0291 3920 MBAMProtector - ok
22:31:12.0370 3920 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:31:12.0401 3920 MBAMService - ok
22:31:12.0432 3920 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:31:12.0448 3920 Mcx2Svc - ok
22:31:12.0479 3920 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
22:31:12.0479 3920 megasas - ok
22:31:12.0526 3920 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:31:12.0541 3920 MegaSR - ok
22:31:12.0588 3920 Microsoft SharePoint Workspace Audit Service - ok
22:31:12.0620 3920 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:31:12.0651 3920 MMCSS - ok
22:31:12.0729 3920 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:31:12.0745 3920 Modem - ok
22:31:12.0776 3920 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:31:12.0791 3920 monitor - ok
22:31:12.0823 3920 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:31:12.0823 3920 mouclass - ok
22:31:12.0854 3920 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:31:12.0854 3920 mouhid - ok
22:31:12.0901 3920 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:31:12.0901 3920 mountmgr - ok
22:31:12.0979 3920 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:31:12.0995 3920 MozillaMaintenance - ok
22:31:13.0010 3920 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:31:13.0026 3920 mpio - ok
22:31:13.0073 3920 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:31:13.0104 3920 mpsdrv - ok
22:31:13.0120 3920 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:31:13.0135 3920 MRxDAV - ok
22:31:13.0182 3920 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:13.0198 3920 mrxsmb - ok
22:31:13.0229 3920 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:13.0245 3920 mrxsmb10 - ok
22:31:13.0260 3920 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:13.0276 3920 mrxsmb20 - ok
22:31:13.0307 3920 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:31:13.0323 3920 msahci - ok
22:31:13.0338 3920 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:31:13.0354 3920 msdsm - ok
22:31:13.0385 3920 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:31:13.0401 3920 MSDTC - ok
22:31:13.0432 3920 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:31:13.0463 3920 Msfs - ok
22:31:13.0495 3920 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:31:13.0526 3920 mshidkmdf - ok
22:31:13.0541 3920 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:31:13.0557 3920 msisadrv - ok
22:31:13.0604 3920 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:31:13.0635 3920 MSiSCSI - ok
22:31:13.0651 3920 msiserver - ok
22:31:13.0713 3920 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:31:13.0745 3920 MSKSSRV - ok
22:31:13.0823 3920 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:13.0854 3920 MSPCLOCK - ok
22:31:13.0885 3920 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:31:13.0916 3920 MSPQM - ok
22:31:13.0948 3920 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:31:13.0963 3920 MsRPC - ok
22:31:13.0995 3920 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:31:13.0995 3920 mssmbios - ok
22:31:14.0041 3920 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:31:14.0073 3920 MSTEE - ok
22:31:14.0104 3920 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:31:14.0120 3920 MTConfig - ok
22:31:14.0135 3920 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:31:14.0151 3920 Mup - ok
22:31:14.0198 3920 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:31:14.0229 3920 napagent - ok
22:31:14.0276 3920 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:31:14.0291 3920 NativeWifiP - ok
22:31:14.0338 3920 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:31:14.0354 3920 NDIS - ok
22:31:14.0401 3920 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:14.0432 3920 NdisCap - ok
22:31:14.0463 3920 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:14.0495 3920 NdisTapi - ok
22:31:14.0526 3920 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:14.0541 3920 Ndisuio - ok
22:31:14.0573 3920 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:14.0604 3920 NdisWan - ok
22:31:14.0620 3920 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:31:14.0651 3920 NDProxy - ok
22:31:14.0713 3920 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:31:14.0760 3920 NetBIOS - ok
22:31:14.0776 3920 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:31:14.0807 3920 NetBT - ok
22:31:14.0823 3920 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:31:14.0838 3920 Netlogon - ok
22:31:14.0901 3920 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:31:14.0932 3920 Netman - ok
22:31:14.0948 3920 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:31:14.0995 3920 netprofm - ok
22:31:15.0032 3920 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:31:15.0046 3920 NetTcpPortSharing - ok
22:31:15.0100 3920 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:31:15.0116 3920 nfrd960 - ok
22:31:15.0131 3920 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:31:15.0178 3920 NlaSvc - ok
22:31:15.0209 3920 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:31:15.0241 3920 Npfs - ok
22:31:15.0288 3920 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:31:15.0319 3920 nsi - ok
22:31:15.0334 3920 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:31:15.0366 3920 nsiproxy - ok
22:31:15.0444 3920 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:31:15.0475 3920 Ntfs - ok
22:31:15.0506 3920 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:31:15.0538 3920 Null - ok
22:31:15.0569 3920 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:31:15.0584 3920 nvraid - ok
22:31:15.0616 3920 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:31:15.0631 3920 nvstor - ok
22:31:15.0663 3920 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:31:15.0678 3920 nv_agp - ok
22:31:15.0709 3920 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:31:15.0725 3920 ohci1394 - ok
22:31:15.0772 3920 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:31:15.0772 3920 ose - ok
22:31:15.0944 3920 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:31:16.0038 3920 osppsvc - ok
22:31:16.0100 3920 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:31:16.0116 3920 p2pimsvc - ok
22:31:16.0147 3920 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:31:16.0163 3920 p2psvc - ok
22:31:16.0209 3920 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:31:16.0225 3920 Parport - ok
22:31:16.0256 3920 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:31:16.0256 3920 partmgr - ok
22:31:16.0288 3920 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:31:16.0303 3920 Parvdm - ok
22:31:16.0350 3920 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:31:16.0366 3920 PcaSvc - ok
22:31:16.0381 3920 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:31:16.0397 3920 pci - ok
22:31:16.0444 3920 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:31:16.0444 3920 pciide - ok
22:31:16.0475 3920 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:31:16.0491 3920 pcmcia - ok
22:31:16.0506 3920 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:31:16.0522 3920 pcw - ok
22:31:16.0569 3920 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:31:16.0600 3920 PEAUTH - ok
22:31:16.0663 3920 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:31:16.0694 3920 PeerDistSvc - ok
22:31:16.0788 3920 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:31:16.0850 3920 pla - ok
22:31:16.0897 3920 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:31:16.0913 3920 PlugPlay - ok
22:31:16.0944 3920 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:31:16.0959 3920 PNRPAutoReg - ok
22:31:16.0991 3920 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:31:17.0006 3920 PNRPsvc - ok
22:31:17.0038 3920 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:31:17.0084 3920 PolicyAgent - ok
22:31:17.0116 3920 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:31:17.0163 3920 Power - ok
22:31:17.0194 3920 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:31:17.0225 3920 PptpMiniport - ok
22:31:17.0241 3920 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
22:31:17.0256 3920 Processor - ok
22:31:17.0303 3920 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:31:17.0319 3920 ProfSvc - ok
22:31:17.0350 3920 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:31:17.0366 3920 ProtectedStorage - ok
22:31:17.0381 3920 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:31:17.0428 3920 Psched - ok
22:31:17.0491 3920 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:31:17.0522 3920 ql2300 - ok
22:31:17.0553 3920 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:31:17.0569 3920 ql40xx - ok
22:31:17.0600 3920 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:31:17.0631 3920 QWAVE - ok
22:31:17.0647 3920 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:31:17.0663 3920 QWAVEdrv - ok
22:31:17.0709 3920 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:31:17.0741 3920 RasAcd - ok
22:31:17.0788 3920 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:17.0819 3920 RasAgileVpn - ok
22:31:17.0850 3920 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:31:17.0881 3920 RasAuto - ok
22:31:17.0913 3920 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:17.0944 3920 Rasl2tp - ok
22:31:17.0991 3920 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:31:18.0022 3920 RasMan - ok
22:31:18.0038 3920 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:18.0069 3920 RasPppoe - ok
22:31:18.0100 3920 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:31:18.0137 3920 RasSstp - ok
22:31:18.0168 3920 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:31:18.0200 3920 rdbss - ok
22:31:18.0231 3920 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:31:18.0247 3920 rdpbus - ok
22:31:18.0262 3920 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:18.0293 3920 RDPCDD - ok
22:31:18.0325 3920 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:31:18.0356 3920 RDPDR - ok
22:31:18.0387 3920 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:31:18.0403 3920 RDPENCDD - ok
22:31:18.0434 3920 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:31:18.0465 3920 RDPREFMP - ok
22:31:18.0497 3920 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:31:18.0512 3920 RDPWD - ok
22:31:18.0575 3920 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:31:18.0590 3920 rdyboost - ok
22:31:18.0622 3920 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:31:18.0653 3920 RemoteAccess - ok
22:31:18.0715 3920 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:31:18.0747 3920 RemoteRegistry - ok
22:31:18.0793 3920 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:31:18.0825 3920 RpcEptMapper - ok
22:31:18.0856 3920 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:31:18.0872 3920 RpcLocator - ok
22:31:18.0903 3920 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:31:18.0950 3920 RpcSs - ok
22:31:18.0997 3920 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:31:19.0028 3920 rspndr - ok
22:31:19.0043 3920 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:31:19.0059 3920 s3cap - ok
22:31:19.0075 3920 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:31:19.0090 3920 SamSs - ok
22:31:19.0137 3920 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:31:19.0137 3920 sbp2port - ok
22:31:19.0184 3920 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:31:19.0215 3920 SCardSvr - ok
22:31:19.0247 3920 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:31:19.0262 3920 scfilter - ok
22:31:19.0309 3920 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:31:19.0340 3920 Schedule - ok
22:31:19.0372 3920 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:31:19.0403 3920 SCPolicySvc - ok
22:31:19.0418 3920 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:31:19.0450 3920 SDRSVC - ok
22:31:19.0481 3920 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:31:19.0512 3920 secdrv - ok
22:31:19.0528 3920 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:31:19.0559 3920 seclogon - ok
22:31:19.0606 3920 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:31:19.0637 3920 SENS - ok
22:31:19.0700 3920 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:31:19.0715 3920 SensrSvc - ok
22:31:19.0762 3920 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:31:19.0778 3920 Serenum - ok
22:31:19.0793 3920 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:31:19.0809 3920 Serial - ok
22:31:19.0825 3920 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:31:19.0840 3920 sermouse - ok
22:31:19.0903 3920 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:31:19.0934 3920 SessionEnv - ok
22:31:19.0965 3920 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:31:19.0981 3920 sffdisk - ok
22:31:19.0997 3920 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:31:20.0012 3920 sffp_mmc - ok
22:31:20.0043 3920 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:31:20.0059 3920 sffp_sd - ok
22:31:20.0075 3920 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:31:20.0090 3920 sfloppy - ok
22:31:20.0138 3920 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:31:20.0185 3920 ShellHWDetection - ok
22:31:20.0232 3920 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:31:20.0232 3920 SiSRaid2 - ok
22:31:20.0263 3920 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:31:20.0279 3920 SiSRaid4 - ok
22:31:20.0310 3920 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:31:20.0341 3920 Smb - ok
22:31:20.0388 3920 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:31:20.0419 3920 SNMPTRAP - ok
22:31:20.0435 3920 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:31:20.0451 3920 spldr - ok
22:31:20.0498 3920 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
22:31:20.0529 3920 Spooler - ok
22:31:20.0638 3920 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:31:20.0716 3920 sppsvc - ok
22:31:20.0763 3920 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:31:20.0794 3920 sppuinotify - ok
22:31:20.0841 3920 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:31:20.0857 3920 srv - ok
22:31:20.0888 3920 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:31:20.0904 3920 srv2 - ok
22:31:20.0935 3920 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:31:20.0951 3920 srvnet - ok
22:31:20.0982 3920 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:31:21.0013 3920 SSDPSRV - ok
22:31:21.0044 3920 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:31:21.0076 3920 SstpSvc - ok
22:31:21.0107 3920 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:31:21.0123 3920 stexstor - ok
22:31:21.0154 3920 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:31:21.0169 3920 StillCam - ok
22:31:21.0216 3920 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:31:21.0248 3920 StiSvc - ok
22:31:21.0279 3920 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:31:21.0279 3920 storflt - ok
22:31:21.0310 3920 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
22:31:21.0326 3920 StorSvc - ok
22:31:21.0357 3920 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:31:21.0373 3920 storvsc - ok
22:31:21.0404 3920 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:31:21.0419 3920 swenum - ok
22:31:21.0451 3920 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:31:21.0482 3920 swprv - ok
22:31:21.0544 3920 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:31:21.0576 3920 SysMain - ok
22:31:21.0607 3920 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:31:21.0623 3920 TabletInputService - ok
22:31:21.0654 3920 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:31:21.0685 3920 TapiSrv - ok
22:31:21.0732 3920 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:31:21.0763 3920 TBS - ok
22:31:21.0826 3920 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:31:21.0857 3920 Tcpip - ok
22:31:21.0919 3920 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:31:21.0951 3920 TCPIP6 - ok
22:31:21.0998 3920 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:31:22.0029 3920 tcpipreg - ok
22:31:22.0044 3920 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:31:22.0060 3920 TDPIPE - ok
22:31:22.0091 3920 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:31:22.0107 3920 TDTCP - ok
22:31:22.0138 3920 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:31:22.0169 3920 tdx - ok
22:31:22.0201 3920 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:31:22.0216 3920 TermDD - ok
22:31:22.0263 3920 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:31:22.0294 3920 TermService - ok
22:31:22.0310 3920 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:31:22.0341 3920 Themes - ok
22:31:22.0357 3920 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:31:22.0388 3920 THREADORDER - ok
22:31:22.0435 3920 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:31:22.0466 3920 TrkWks - ok
22:31:22.0513 3920 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:31:22.0544 3920 TrustedInstaller - ok
22:31:22.0576 3920 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:22.0591 3920 tssecsrv - ok
22:31:22.0623 3920 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:31:22.0638 3920 TsUsbFlt - ok
22:31:22.0669 3920 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:31:22.0685 3920 TsUsbGD - ok
22:31:22.0732 3920 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:31:22.0779 3920 tunnel - ok
22:31:22.0810 3920 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:31:22.0810 3920 uagp35 - ok
22:31:22.0841 3920 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:31:22.0873 3920 udfs - ok
22:31:22.0919 3920 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:31:22.0935 3920 UI0Detect - ok
22:31:22.0966 3920 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:31:22.0982 3920 uliagpkx - ok
22:31:23.0013 3920 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:31:23.0029 3920 umbus - ok
22:31:23.0044 3920 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
22:31:23.0060 3920 UmPass - ok
22:31:23.0091 3920 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
22:31:23.0107 3920 UmRdpService - ok
22:31:23.0138 3920 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:31:23.0185 3920 upnphost - ok
22:31:23.0216 3920 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:31:23.0216 3920 USBAAPL - ok
22:31:23.0263 3920 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:23.0279 3920 usbccgp - ok
22:31:23.0310 3920 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:31:23.0326 3920 usbcir - ok
22:31:23.0341 3920 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:31:23.0357 3920 usbehci - ok
22:31:23.0404 3920 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:31:23.0419 3920 usbhub - ok
22:31:23.0451 3920 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:31:23.0451 3920 usbohci - ok
22:31:23.0482 3920 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:31:23.0513 3920 usbprint - ok
22:31:23.0529 3920 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:23.0544 3920 USBSTOR - ok
22:31:23.0576 3920 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:31:23.0591 3920 usbuhci - ok
22:31:23.0623 3920 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:31:23.0654 3920 UxSms - ok
22:31:23.0716 3920 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:31:23.0732 3920 VaultSvc - ok
22:31:23.0826 3920 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:31:23.0841 3920 vdrvroot - ok
22:31:23.0888 3920 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:31:23.0919 3920 vds - ok
22:31:23.0966 3920 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:23.0982 3920 vga - ok
22:31:24.0013 3920 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:31:24.0044 3920 VgaSave - ok
22:31:24.0060 3920 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:31:24.0076 3920 vhdmp - ok
22:31:24.0123 3920 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:31:24.0138 3920 viaagp - ok
22:31:24.0169 3920 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:31:24.0185 3920 ViaC7 - ok
22:31:24.0201 3920 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:31:24.0216 3920 viaide - ok
22:31:24.0263 3920 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:31:24.0279 3920 vmbus - ok
22:31:24.0294 3920 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:31:24.0310 3920 VMBusHID - ok
22:31:24.0341 3920 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:31:24.0357 3920 volmgr - ok
22:31:24.0388 3920 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:31:24.0404 3920 volmgrx - ok
22:31:24.0419 3920 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:31:24.0435 3920 volsnap - ok
22:31:24.0466 3920 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:31:24.0482 3920 vsmraid - ok
22:31:24.0529 3920 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:31:24.0576 3920 VSS - ok
22:31:24.0607 3920 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:31:24.0623 3920 vwifibus - ok
22:31:24.0669 3920 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:31:24.0716 3920 W32Time - ok
22:31:24.0763 3920 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:31:24.0779 3920 WacomPen - ok
22:31:24.0810 3920 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:31:24.0841 3920 WANARP - ok
22:31:24.0857 3920 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:31:24.0888 3920 Wanarpv6 - ok
22:31:24.0998 3920 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:31:25.0029 3920 wbengine - ok
22:31:25.0060 3920 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:31:25.0076 3920 WbioSrvc - ok
22:31:25.0123 3920 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:31:25.0138 3920 wcncsvc - ok
22:31:25.0169 3920 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:31:25.0169 3920 WcsPlugInService - ok
22:31:25.0201 3920 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
22:31:25.0216 3920 Wd - ok
22:31:25.0248 3920 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:31:25.0279 3920 Wdf01000 - ok
22:31:25.0294 3920 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:31:25.0310 3920 WdiServiceHost - ok
22:31:25.0326 3920 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:31:25.0357 3920 WdiSystemHost - ok
22:31:25.0388 3920 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:31:25.0404 3920 WebClient - ok
22:31:25.0435 3920 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:31:25.0466 3920 Wecsvc - ok
22:31:25.0498 3920 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:31:25.0529 3920 wercplsupport - ok
22:31:25.0560 3920 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:31:25.0591 3920 WerSvc - ok
22:31:25.0623 3920 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:31:25.0654 3920 WfpLwf - ok
22:31:25.0716 3920 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:31:25.0732 3920 WIMMount - ok
22:31:25.0748 3920 WinHttpAutoProxySvc - ok
22:31:25.0810 3920 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:31:25.0841 3920 Winmgmt - ok
22:31:25.0904 3920 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:31:25.0951 3920 WinRM - ok
22:31:26.0013 3920 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:31:26.0029 3920 WinUsb - ok
22:31:26.0076 3920 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:31:26.0107 3920 Wlansvc - ok
22:31:26.0123 3920 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:31:26.0138 3920 WmiAcpi - ok
22:31:26.0185 3920 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:31:26.0201 3920 wmiApSrv - ok
22:31:26.0279 3920 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:31:26.0310 3920 WMPNetworkSvc - ok
22:31:26.0357 3920 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:31:26.0373 3920 WPCSvc - ok
22:31:26.0388 3920 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:31:26.0404 3920 WPDBusEnum - ok
22:31:26.0435 3920 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:31:26.0466 3920 ws2ifsl - ok
22:31:26.0513 3920 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:31:26.0529 3920 WSDPrintDevice - ok
22:31:26.0544 3920 WSearch - ok
22:31:26.0576 3920 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:31:26.0607 3920 WudfPf - ok
22:31:26.0638 3920 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:26.0669 3920 WUDFRd - ok
22:31:26.0732 3920 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:31:26.0763 3920 wudfsvc - ok
22:31:26.0794 3920 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:31:26.0826 3920 WwanSvc - ok
22:31:26.0873 3920 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
22:31:26.0888 3920 yukonw7 - ok
22:31:26.0904 3920 ================ Scan global ===============================
22:31:26.0935 3920 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:31:26.0966 3920 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
22:31:26.0982 3920 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
22:31:27.0013 3920 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:31:27.0044 3920 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:31:27.0044 3920 [Global] - ok
22:31:27.0044 3920 ================ Scan MBR ==================================
22:31:27.0060 3920 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
22:31:27.0107 3920 \Device\Harddisk1\DR1 - ok
22:31:27.0123 3920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:31:27.0357 3920 \Device\Harddisk0\DR0 - ok
22:31:27.0357 3920 ================ Scan VBR ==================================
22:31:27.0373 3920 [ A6707D11D8A72967E3C58E361DF3035B ] \Device\Harddisk1\DR1\Partition1
22:31:27.0373 3920 \Device\Harddisk1\DR1\Partition1 - ok
22:31:27.0373 3920 [ A8F5E6CCD467797C4BF0E25B94FA0AEC ] \Device\Harddisk1\DR1\Partition2
22:31:27.0388 3920 \Device\Harddisk1\DR1\Partition2 - ok
22:31:27.0419 3920 [ 1FA1CAEB20DF487AE6C1A20CC4BF7F93 ] \Device\Harddisk0\DR0\Partition1
22:31:27.0419 3920 \Device\Harddisk0\DR0\Partition1 - ok
22:31:27.0435 3920 [ 1B9210AF6B2E796194C88F5C8B6A5C98 ] \Device\Harddisk0\DR0\Partition2
22:31:27.0435 3920 \Device\Harddisk0\DR0\Partition2 - ok
22:31:27.0451 3920 ============================================================
22:31:27.0451 3920 Scan finished
22:31:27.0451 3920 ============================================================
22:31:27.0466 3320 Detected object count: 0
22:31:27.0466 3320 Actual detected object count: 0
|
|
13.09.2012, 15:21
| #32 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win32/Sirefef.FC Trojaner Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
13.09.2012, 18:43
| #33 |
| | Win32/Sirefef.FC Trojaner Auch das ist erledigt. Nun ist auch schonmal die Windows Firewall wieder aktiv.
__________________Hier das Log: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-09-13.01 - Coco 13.09.2012 19:06:17.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.1382 [GMT 2:00]
ausgef¸hrt von:: c:\users\Coco\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Lˆschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-13 bis 2012-09-13 ))))))))))))))))))))))))))))))
.
.
2012-09-12 20:24 . 2012-09-12 20:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-12 13:15 . 2012-09-12 13:15 -------- d-----w- C:\_OTL
2012-08-31 14:11 . 2012-08-31 14:11 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-31 14:11 . 2012-08-31 14:11 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 20:25 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-08-31 20:14 . 2012-04-01 13:21 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 20:14 . 2011-12-29 12:48 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 00:41 . 2012-07-20 18:27 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06415C6-B71B-4D51-A22D-FBBB331FD2FF}\mpengine.dll
2012-07-03 11:46 . 2012-08-02 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 14:11 . 2011-12-28 23:38 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Coco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Coco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Coco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Coco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Coco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Coco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 WSDPrintDevice;WSD-Druckunterst¸tzung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:14]
.
.
------- Zus‰tzlicher Suchlauf -------
.
uStart Page = hxxp://www.hiergehtslos.de
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Coco\AppData\Roaming\Mozilla\Firefox\Profiles\504etxy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
SafeBoot-29327560.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3896)
c:\users\Coco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-13 19:35:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-13 17:35
.
Vor Suchlauf: 7 Verzeichnis(se), 51.576.725.504 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 51.243.446.272 Bytes frei
.
- - End Of File - - F8B33F0A035D87F09116AD991D2BB5FA
|
|
14.09.2012, 12:10
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.09.2012, 12:22
| #35 |
| | Win32/Sirefef.FC Trojaner Hier alle Logs: GMER: [code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-16 12:50:29
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HDS728080PLAT20 rev.PF2OA2AA
Running: ilknhpuc.exe; Driver: C:\Users\Coco\AppData\Local\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0x8D41F7F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0x8D41F8B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0x8D41F870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0x8D41F830]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 828513C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8288AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82891EB8 4 Bytes [F0, F7, 41, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82891FC8 4 Bytes [B0, F8, 41, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 161F 828922D4 4 Bytes [70, F8, 41, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8289231C 4 Bytes [30, F8, 41, 8D]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9001D000, 0x227A14, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1580] kernel32.dll!SetUnhandledExceptionFilter 7693F4FB 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OSAM: Code:
ATTFilter OSAM Logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 13:10:32
-----------------------------
13:10:32.480 OS Version: Windows 6.1.7601 Service Pack 1
13:10:32.480 Number of processors: 1 586 0xF00
13:10:32.480 ComputerName: COCO-PC UserName: Coco
13:10:32.981 Initialize success
13:11:26.883 AVAST engine defs: 12091400
13:12:56.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:12:56.153 Disk 0 Vendor: HDS728080PLAT20 PF2OA2AA Size: 78533MB BusType: 3
13:12:56.153 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
13:12:56.153 Disk 1 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 8
13:12:56.496 Disk 0 MBR read successfully
13:12:56.496 Disk 0 MBR scan
13:12:56.512 Disk 0 Windows 7 default MBR code
13:12:56.543 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:12:56.559 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 78431 MB offset 206848
13:12:56.668 Disk 0 scanning sectors +160833536
13:12:56.715 Disk 0 scanning C:\Windows\system32\drivers
13:13:42.303 Service scanning
13:14:23.778 Modules scanning
13:15:04.246 Disk 0 trace - called modules:
13:15:04.278 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys
13:15:04.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8581bac8]
13:15:04.293 3 CLASSPNP.SYS[88bd459e] -> nt!IofCallDriver -> [0x848bf958]
13:15:04.293 5 ACPI.sys[886183d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85541610]
13:15:04.309 Scan finished successfully
13:17:22.253 Disk 0 MBR has been saved successfully to "C:\Users\Coco\Desktop\MBR.dat"
13:17:22.253 The log file has been saved successfully to "C:\Users\Coco\Desktop\aswMBR.txt"
|
|
16.09.2012, 18:36
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC TrojanerCode:
ATTFilter "efavdrv" (efavdrv) - ? - C:\Windows\system32\drivers\efavdrv.sys
__________________ --> Win32/Sirefef.FC Trojaner |
|
16.09.2012, 21:14
| #37 |
| | Win32/Sirefef.FC Trojaner Einen Report nach dem deaktivieren habe ich leider nicht bekommen aber hier das normale Log-File nach Löschung des Eintrags: Code:
ATTFilter OSAM Logfile: |
|
17.09.2012, 11:16
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2012, 17:25
| #39 |
| | Win32/Sirefef.FC Trojaner Malwarebytes hat leider immernoch etwas gefunden. Glaube aber, dass das nur irgend eine Quarantäne ist. Und bei SUPERAntiSpyware wurde ein Hauf von dubiosen Seiten geloggt. Der Rechner gehört meiner Freundin und ich kann mir beim besten Willen nicht vorstellen, dass sie auf solchen Seiten unterwegs ist, geschweige denn sie weiß, was das für Seiten sind. Wir wurden durch den Trojaner immer auf irgendwelche Seiten geleitet: Können die Einträge daher stammen? Was war es denn jetzt generell für ein Virus/Trojaner? Hat er irgendwas ausgespäht oder so? Naja, siehe selbst. Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.17.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Coco :: COCO-PC [Administrator] 17.09.2012 15:22:04 mbam-log-2012-09-17 (16-54-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 262876 Laufzeit: 55 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\TDSSKiller_Quarantine\12.09.2012_22.23.08\zasubsys0000\zafs0000\tsk0000.dta (Trojan.0access) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\09122012_151559\C_Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\09122012_151559\C_Windows\Installer\{b2100a9c-03be-3ad2-b998-e0f85f0d7d62}\U\80000000.@ (Trojan.Small) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/17/2012 at 05:46 PM
Application Version : 5.5.1016
Core Rules Database Version : 9238
Trace Rules Database Version: 7050
Scan type : Complete Scan
Total Scan Time : 00:44:24
Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 662
Memory threats detected : 0
Registry items scanned : 34326
Registry threats detected : 0
File items scanned : 78889
File threats detected : 310
Adware.Tracking Cookie
C:\Users\Coco\AppData\Roaming\Microsoft\Windows\Cookies\FMN3S1QV.txt [ /imrworldwide.com ]
C:\Users\Coco\AppData\Roaming\Microsoft\Windows\Cookies\IAL8CLCU.txt [ /c.atdmt.com ]
C:\Users\Coco\AppData\Roaming\Microsoft\Windows\Cookies\LFDN6433.txt [ /doubleclick.net ]
C:\Users\Coco\AppData\Roaming\Microsoft\Windows\Cookies\VTQ3I0CT.txt [ /atdmt.com ]
C:\Users\Coco\AppData\Roaming\Microsoft\Windows\Cookies\W42P8N8F.txt [ /specificclick.net ]
C:\USERS\COCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\coco@imrworldwide[2].txt [ Cookie:coco@imrworldwide.com/cgi-bin ]
C:\USERS\COCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\coco@ad2.adfarm1.adition[1].txt [ Cookie:coco@ad2.adfarm1.adition.com/ ]
C:\USERS\COCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\coco@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:coco@microsoftinternetexplorer.112.2o7.net/ ]
C:\USERS\COCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\coco@atdmt[1].txt [ Cookie:coco@atdmt.com/ ]
C:\USERS\COCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\coco@specificclick[1].txt [ Cookie:coco@specificclick.net/ ]
C:\USERS\COCO\Cookies\FMN3S1QV.txt [ Cookie:coco@imrworldwide.com/cgi-bin ]
C:\USERS\COCO\Cookies\VTQ3I0CT.txt [ Cookie:coco@atdmt.com/ ]
C:\USERS\COCO\Cookies\W42P8N8F.txt [ Cookie:coco@specificclick.net/ ]
C:\USERS\COCO\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\COCO@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
C:\USERS\COCO\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\COCO@C.ATDMT[2].TXT [ /C.ATDMT ]
C:\USERS\COCO\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\COCO@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
.eyewonder.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
int.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
int.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.bwincom.122.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.crackberry.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.crackberry.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.crackberry.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.crackberry.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.crackberry.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.forums.crackberry.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ads.247activemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
adserver.adreactor.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
adserver.tattooscout.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.hostgator.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.rionordgmbh.122.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.nod32-serialkey.blogspot.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.nod32-serialkey.blogspot.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
s04.flagcounter.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
banner.testberichte.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wnk4ugczico.stats.esomniture.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
e2.emediate.se [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafire.im [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-load.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-load.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
warez-load.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.aok.122.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www7.addfreestats.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediasearchstore.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediasearchstore.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediasearchstore.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.harrenmedianetwork.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.hightraffic.hugoboss.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tradefx.advertserve.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.thomascookag.122.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.tchibo.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlicmczcgp.stats.esomniture.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmmyqhdjado.stats.esomniture.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.warez-home.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.xm.xtendmedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
adx2.chip.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
delivery.atkmedia.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
adserver.gb5.motorpresse.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafiremp3.co [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adnetwork.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
stat.easydate.biz [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
stat.ed.cupidplc.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.media.detailsofmylife.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.cunda.122.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.premiumtv.122.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.myroitracking.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.stat.4u.pl [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
mediafiremp3.co [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafiremp3.co [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediafiremp3.co [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediatraffic.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediatraffic.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
server.adform.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
tracking.mlsat02.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ssl-account.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.unister-adservices.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\COCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\504ETXY1.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Sirefef
C:\_OTL\MOVEDFILES\09122012_151559\C_WINDOWS\INSTALLER\{B2100A9C-03BE-3AD2-B998-E0F85F0D7D62}\U\80000032.@
|
|
18.09.2012, 11:08
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Sieht ok aus, da wurden nur Cookies gefunden. Das andere ist nur Quarantäne. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.09.2012, 13:06
| #41 |
| | Win32/Sirefef.FC Trojaner OK, danke schonmal. Es war also wohl kein schwerwiegender Trojaner, der irgendwas zerstört, ausspäht etc. Kann ich die gefundenen Quarantäne Einträge denn jetzt von z.B. Malwarebytes löschen lassen oder sollte ich sie unberührt lassen. Die ganzen installierten Programme, die ich zum entfernen/auslesen genutzt habe, kann ich nun auch wieder löschen, oder? Ansonsten läuft der Rechner schonmal wieder rund. Keine Fehler zu erkennen. |
|
19.09.2012, 11:37
| #42 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Sirefef.FC Trojaner Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.09.2012, 13:21
| #43 |
| | Win32/Sirefef.FC Trojaner Vielen vielen Dank dafür!! Echt n super Typen   |
|
| Themen zu Win32/Sirefef.FC Trojaner |
| 0x8007042, aufsetzen, eset, eset smart security, externe festplatte, festplatte, firewall, formatieren, frage, hängen, hängt, log-file, löschen, musik, netzwerk, neu aufsetzen, neustart, nicht mehr, programme, rechner, router, security, system32, trojaner, warnung, win, win32/sirefef.ez, win32/sirefef.fc, win7, windows |
Linear-Darstellung
