Log Analysis and Evaluation: GVU-Trojaner (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.10.2012, 14:54 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner That was not a CustomScan, though! Please follow my instructions correctly.
__________________ Please always post logfiles in CODE tags |
04.10.2012, 15:27 | #17 |
| GVU-Trojaner I did everything as described in the instructions, except that no OK appeared after I pressed QuickScan.
__________________
OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/4/2012 3:55:38 PM - Run 6 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 73.85% Memory free 7.96 Gb Paging File | 6.33 Gb Available in Paging File | 79.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 178.00 Gb Total Space | 124.39 Gb Free Space | 69.88% Space Free | Partition Type: NTFS Drive D: | 265.38 Gb Total Space | 259.44 Gb Free Space | 97.76% Space Free | Partition Type: NTFS Computer Name: *** | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Daniell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics) PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Program Files (x86)\Psi\Psi.exe () PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\Psi\Psi.exe () MOD - C:\Program Files (x86)\Psi\QtCore4.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Psi\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Psi\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Psi\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Psi\Qt3Support4.dll () MOD - C:\Program Files (x86)\Psi\QtSql4.dll () MOD - C:\Program Files (x86)\Psi\QtGui4.dll () MOD - C:\Program Files (x86)\Psi\QtNetwork4.dll () MOD - C:\Program Files (x86)\Psi\QtXml4.dll () MOD - C:\Program Files (x86)\Psi\gstprovider.dll () MOD - C:\Program Files (x86)\Psi\crypto\qca-gnupg2.dll () MOD - C:\Program Files (x86)\Psi\crypto\qca-ossl2.dll () MOD - C:\Program Files (x86)\Psi\qca2.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstjpeg.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvorbis.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgsttheora.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstogg.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvolume.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvideoscale.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvideorate.dll () MOD - 
C:\Program Files (x86)\Psi\gstreamer-0.10\libgsttypefindfunctions.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstaudioresample.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstdecodebin.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstaudioconvert.dll () MOD - C:\Program Files (x86)\Psi\libgstvideo-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstrtp-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstriff-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstpbutils-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstnetbuffer-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstaudio-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgsttag-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstinterfaces-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstcoreindexers.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstcoreelements.dll () MOD - C:\Program Files (x86)\Psi\libgstcontroller-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstbase-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libgstreamer-0.10-0.dll () MOD - C:\Program Files (x86)\Psi\libssl32.dll () MOD - C:\Program Files (x86)\Psi\libeay32.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstspeex.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstrtp.dll () MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstlevel.dll () MOD - C:\Program Files (x86)\Psi\libspeexdsp-1.dll () MOD - C:\Program Files (x86)\Psi\libspeex-1.dll () MOD - C:\Program Files (x86)\Psi\libtheoraenc-1.dll () MOD - C:\Program Files (x86)\Psi\libtheoradec-1.dll () MOD - C:\Program Files (x86)\Psi\libvorbisenc-2.dll () MOD - C:\Program Files (x86)\Psi\libvorbis-0.dll () MOD - C:\Program Files (x86)\Psi\libogg-0.dll () MOD - C:\Program Files (x86)\Psi\liboil-0.3-0.dll () MOD - C:\Program Files (x86)\Psi\mingwm10.dll () MOD - C:\Program Files (x86)\Samsung\Easy Display 
Manager\HookDllPS2.dll () MOD - C:\Program Files (x86)\Psi\aspell-15.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" 
= 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2227393773-79019785-216411548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-2227393773-79019785-216411548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKU\S-1-5-21-2227393773-79019785-216411548-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2227393773-79019785-216411548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2227393773-79019785-216411548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/20 19:10:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/04 12:13:09 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/20 19:10:24 | 000,000,000 | ---D | M] [2011/06/20 19:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniell\AppData\Roaming\mozilla\Extensions [2012/10/04 00:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniell\AppData\Roaming\mozilla\Firefox\Profiles\y1lljxqp.default\extensions [2012/05/03 04:48:00 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Daniell\AppData\Roaming\mozilla\Firefox\Profiles\y1lljxqp.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012/06/21 13:24:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Daniell\AppData\Roaming\mozilla\Firefox\Profiles\y1lljxqp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/10/04 00:38:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniell\AppData\Roaming\mozilla\Firefox\Profiles\y1lljxqp.default\extensions\ich@maltegoetz.de [2012/07/29 17:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/11/01 22:56:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/10/04 12:13:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/04 12:13:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/14 02:45:08 | 
000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/07/14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2227393773-79019785-216411548-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Daniell\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Daniell\Desktop\PartyPoker.lnk File not found O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.86 62.109.123.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25B14711-7BDC-4EDA-B0F0-0C5106A5C24F}: DhcpNameServer = 213.191.92.86 62.109.123.7 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value 
found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers 
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - 
Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: 
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
%SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/04 00:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/10/03 19:30:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Daniell\Desktop\esetsmartinstaller_enu.exe [2012/10/03 19:09:45 | 000,000,000 | ---D | C] -- C:\Users\Daniell\AppData\Roaming\Malwarebytes [2012/10/03 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/10/03 19:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/10/03 19:09:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/10/03 19:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/10/03 19:06:57 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniell\Desktop\mbam-setup-1.65.0.1400.exe ========== Files - Modified Within 30 Days ========== [2012/10/04 14:46:23 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Daniell\Desktop\OTL.exe [2012/10/04 14:44:39 | 000,067,584 | --S- | M] () -- 
C:\windows\bootstat.dat [2012/10/04 13:39:13 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/04 13:39:13 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/04 13:30:01 | 4273,991,680 | -HS- | M] () -- C:\hiberfil.sys [2012/10/04 12:59:22 | 000,513,501 | ---- | M] () -- C:\Users\Daniell\Desktop\adwcleaner.exe [2012/10/03 19:30:50 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Daniell\Desktop\esetsmartinstaller_enu.exe [2012/10/03 19:09:36 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/03 19:09:13 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniell\Desktop\mbam-setup-1.65.0.1400.exe [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/10/04 12:59:22 | 000,513,501 | ---- | C] () -- C:\Users\Daniell\Desktop\adwcleaner.exe [2012/10/03 19:09:36 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/27 15:21:34 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2011/06/20 18:59:29 | 000,233,464 | ---- | C] () -- C:\windows\hpoins47.dat [2011/06/17 20:27:55 | 000,142,704 | ---- | C] () -- C:\windows\wiainst64.exe [2011/06/17 20:27:08 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe [2011/06/17 20:26:48 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe [2011/03/25 00:46:31 | 000,003,143 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/03/24 11:56:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011/03/24 11:14:38 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/03/24 09:37:40 | 000,001,898 | ---- | C] () -- C:\windows\HotFixList.ini [2011/01/19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program 
Files\openofficeorg33.msi [2011/01/19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe [2011/01/19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2011/01/19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 15:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/10/04 13:31:53 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Dropbox [2012/06/21 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\DVDVideoSoft [2011/07/11 18:34:14 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\DVDVideoSoftIEHelpers [2012/03/26 01:22:37 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\MAGIX [2011/06/20 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\OpenOffice.org [2011/12/04 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\phonostar GmbH [2011/06/17 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Samsung [2011/12/04 22:34:38 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\streamWriter [2011/06/17 23:10:12 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012/04/03 10:38:43 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Adobe [2012/03/26 21:13:28 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Apple Computer [2011/06/17 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\ATI [2012/02/12 01:32:08 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Avira [2012/03/22 01:46:01 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\CyberLink [2012/01/10 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Download Manager [2012/10/04 13:31:53 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Dropbox [2012/06/21 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\DVDVideoSoft [2011/07/11 18:34:14 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/20 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\HP [2012/08/20 11:45:33 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\HpUpdate [2011/06/17 20:35:00 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Identities [2011/06/17 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\InstallShield [2011/06/20 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Macromedia [2012/03/26 01:22:37 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\MAGIX [2012/10/03 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Malwarebytes [2011/03/25 01:07:00 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Media Center Programs [2012/06/13 14:19:46 | 000,000,000 | --SD | M] -- C:\Users\Daniell\AppData\Roaming\Microsoft [2011/06/20 19:38:18 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Mozilla [2011/12/02 23:40:59 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Mozilla-Cache [2011/06/20 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\OpenOffice.org [2011/12/04 
22:17:22 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\phonostar GmbH [2011/06/17 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Samsung [2012/06/22 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\Skype [2011/12/04 22:34:38 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\streamWriter [2011/06/17 23:10:12 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\WildTangent [2011/06/21 14:14:28 | 000,000,000 | ---D | M] -- C:\Users\Daniell\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012/05/24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniell\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012/05/24 20:39:30 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniell\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012/04/03 10:37:36 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\Daniell\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 
000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 07:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\drivers\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010/05/12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys [2010/05/12 10:37:57 | 000,410,504 | ---- | M] (Intel 
Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010/05/12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/05/12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys [2010/05/12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010/05/12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\drivers\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 
| 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 
000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll < End of report > |
04.10.2012, 15:43 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan You probably didn't copy the text from my CODE box into the OTL window before, but now it is correct.
__________________Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2227393773-79019785-216411548-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Daniell\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Daniell\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
:Files
C:\ProgramData\*.pad
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
04.10.2012, 16:42 | #19 |
| GVU Trojan So, here is the log: Code:
ATTFilter All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-2227393773-79019785-216411548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Eraser deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk moved successfully. C:\Program Files (x86)\Psi\Psi.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found. ========== FILES ========== C:\ProgramData\ism_0_llatsni.pad moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Daniell\Desktop\cmd.bat deleted successfully. C:\Users\Daniell\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Daniell ->Temp folder emptied: 14859827 bytes ->Temporary Internet Files folder emptied: 200987423 bytes ->Java cache emptied: 7361539 bytes ->FireFox cache emptied: 1151985694 bytes ->Flash cache emptied: 130110 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1077032 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 39944057 bytes Total Files Cleaned = 1,351.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.70.2 log created on 10042012_170904 Files\Folders moved on Reboot... 
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
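A way to check a fix log like the one above before moving on, as an added example that is not part of the original thread or of OTL: it tallies what was deleted, moved or not found and lists moved executables, which sit in the "_OTL" backup folder mentioned in the fix instructions. It assumes one entry per line, as in the tool's own log file; the sample log is constructed and its paths are made up.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the format of the fix log above (names and paths are made up).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleApp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk moved successfully.
C:\Program Files (x86)\Example\Example.exe moved successfully.
========== FILES ==========
C:\ProgramData\example_0.pad moved successfully.
C:\Users\alice\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: alice
->Temp folder emptied: 1024 bytes
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


class Action(NamedTuple):
    section: str  # log section the entry appeared in: OTL, FILES or COMMANDS
    kind: str     # "registry value", "registry key" or "file"
    target: str   # registry path or file path exactly as logged
    outcome: str  # "deleted", "moved" or "not found"


SECTION_RE = re.compile(r"^=+ (\w+) =+$")
REGISTRY_RE = re.compile(
    r"^(?:64bit-)?Registry (value|key) (.+?) (deleted successfully|not found)\.$"
)
# Paths may contain spaces, so match lazily up to the trailing status words.
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) (moved|deleted) successfully\.$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr")


def parse_fix_log(text):
    """Return one Action per registry or file entry; other lines are ignored."""
    section = ""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = REGISTRY_RE.match(line)
        if m:
            outcome = "deleted" if m.group(3).startswith("deleted") else "not found"
            actions.append(Action(section, "registry " + m.group(1), m.group(2), outcome))
            continue
        m = FILE_RE.match(line)
        if m:
            actions.append(Action(section, "file", m.group(1), m.group(2)))
    return actions


def summarize(actions):
    """Count entries per (kind, outcome) pair."""
    return Counter((a.kind, a.outcome) for a in actions)


def moved_executables(actions):
    """Executables that were moved (kept in the backup folder, so restorable)."""
    return [
        a.target
        for a in actions
        if a.kind == "file"
        and a.outcome == "moved"
        and a.target.lower().endswith(EXECUTABLE_EXT)
    ]


def noop_entries(actions):
    """Entries the fix targeted but did not find, i.e. nothing was changed."""
    return [a.target for a in actions if a.outcome == "not found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), count in sorted(summarize(parsed).items()):
        print(f"{kind:15} {outcome:10} {count}")
    print("moved executables to confirm:", moved_executables(parsed))
    print("not found (no change made):", noop_entries(parsed))
```
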
04.10.2012, 19:16 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
04.10.2012, 20:17 | #21 |
| GVU Trojan Thanks for the help! Here is the log: Code:
9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys 21:10:32.0647 2428 Disk - ok 21:10:32.0725 2428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 21:10:32.0772 2428 Dnscache - ok 21:10:32.0818 2428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 21:10:32.0912 2428 dot3svc - ok 21:10:32.0959 2428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 21:10:33.0052 2428 DPS - ok 21:10:33.0099 2428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 21:10:33.0130 2428 drmkaud - ok 21:10:33.0224 2428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 21:10:33.0271 2428 DXGKrnl - ok 21:10:33.0318 2428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 21:10:33.0396 2428 EapHost - ok 21:10:33.0505 2428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 21:10:33.0598 2428 ebdrv - ok 21:10:33.0645 2428 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\windows\System32\lsass.exe 21:10:33.0661 2428 EFS - ok 21:10:33.0754 2428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 21:10:33.0801 2428 ehRecvr - ok 21:10:33.0832 2428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 21:10:33.0864 2428 ehSched - ok 21:10:33.0910 2428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 21:10:33.0957 2428 elxstor - ok 21:10:33.0973 2428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 21:10:34.0020 2428 ErrDev - ok 21:10:34.0066 2428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 21:10:34.0144 2428 EventSystem - ok 21:10:34.0176 2428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 21:10:34.0254 2428 exfat - ok 21:10:34.0300 2428 Fabs - ok 21:10:34.0332 2428 [ 0ADC83218B66A6DB380C330836F3E36D ] 
fastfat C:\windows\system32\drivers\fastfat.sys 21:10:34.0410 2428 fastfat - ok 21:10:34.0456 2428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 21:10:34.0503 2428 Fax - ok 21:10:34.0519 2428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 21:10:34.0581 2428 fdc - ok 21:10:34.0612 2428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 21:10:34.0675 2428 fdPHost - ok 21:10:34.0690 2428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 21:10:34.0768 2428 FDResPub - ok 21:10:34.0800 2428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 21:10:34.0831 2428 FileInfo - ok 21:10:34.0862 2428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 21:10:34.0924 2428 Filetrace - ok 21:10:35.0034 2428 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 21:10:35.0112 2428 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 21:10:35.0112 2428 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 21:10:35.0143 2428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 21:10:35.0174 2428 flpydisk - ok 21:10:35.0205 2428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 21:10:35.0236 2428 FltMgr - ok 21:10:35.0299 2428 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\windows\system32\FntCache.dll 21:10:35.0439 2428 FontCache - ok 21:10:35.0502 2428 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:10:35.0517 2428 FontCache3.0.0.0 - ok 21:10:35.0564 2428 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 21:10:35.0580 2428 FsDepends - ok 21:10:35.0595 2428 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec 
C:\windows\system32\drivers\Fs_Rec.sys 21:10:35.0611 2428 Fs_Rec - ok 21:10:35.0673 2428 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 21:10:35.0704 2428 fvevol - ok 21:10:35.0720 2428 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 21:10:35.0751 2428 gagp30kx - ok 21:10:35.0814 2428 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe 21:10:35.0860 2428 GameConsoleService - ok 21:10:35.0923 2428 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 21:10:35.0938 2428 GEARAspiWDM - ok 21:10:35.0985 2428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 21:10:36.0079 2428 gpsvc - ok 21:10:36.0126 2428 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 21:10:36.0157 2428 hcw85cir - ok 21:10:36.0219 2428 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 21:10:36.0266 2428 HdAudAddService - ok 21:10:36.0297 2428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 21:10:36.0344 2428 HDAudBus - ok 21:10:36.0375 2428 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 21:10:36.0422 2428 HidBatt - ok 21:10:36.0422 2428 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 21:10:36.0484 2428 HidBth - ok 21:10:36.0516 2428 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 21:10:36.0547 2428 HidIr - ok 21:10:36.0562 2428 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 21:10:36.0640 2428 hidserv - ok 21:10:36.0703 2428 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys 21:10:36.0734 2428 HidUsb - ok 21:10:36.0765 2428 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 
21:10:36.0859 2428 hkmsvc - ok 21:10:36.0906 2428 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 21:10:36.0952 2428 HomeGroupListener - ok 21:10:36.0984 2428 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 21:10:37.0046 2428 HomeGroupProvider - ok 21:10:37.0155 2428 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 21:10:37.0686 2428 hpqcxs08 - ok 21:10:37.0701 2428 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 21:10:37.0717 2428 hpqddsvc - ok 21:10:37.0764 2428 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 21:10:37.0779 2428 HpSAMD - ok 21:10:37.0857 2428 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 21:10:37.0888 2428 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 21:10:37.0888 2428 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 21:10:37.0951 2428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 21:10:38.0044 2428 HTTP - ok 21:10:38.0107 2428 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 21:10:38.0122 2428 hwpolicy - ok 21:10:38.0185 2428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 21:10:38.0200 2428 i8042prt - ok 21:10:38.0247 2428 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\windows\system32\drivers\iaStorV.sys 21:10:38.0263 2428 iaStorV - ok 21:10:38.0341 2428 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:10:38.0388 2428 idsvc - ok 21:10:38.0575 2428 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 21:10:38.0840 2428 igfx - ok 21:10:38.0902 2428 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 
21:10:38.0918 2428 iirsp - ok 21:10:38.0965 2428 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 21:10:39.0058 2428 IKEEXT - ok 21:10:39.0183 2428 [ 650D06E28A43E365A01EC4EE0946FC24 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 21:10:39.0261 2428 IntcAzAudAddService - ok 21:10:39.0308 2428 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 21:10:39.0324 2428 intelide - ok 21:10:39.0370 2428 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 21:10:39.0402 2428 intelppm - ok 21:10:39.0448 2428 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 21:10:39.0526 2428 IPBusEnum - ok 21:10:39.0573 2428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 21:10:39.0651 2428 IpFilterDriver - ok 21:10:39.0714 2428 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 21:10:39.0807 2428 iphlpsvc - ok 21:10:39.0838 2428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 21:10:39.0870 2428 IPMIDRV - ok 21:10:39.0901 2428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 21:10:39.0979 2428 IPNAT - ok 21:10:40.0057 2428 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:10:40.0104 2428 iPod Service - ok 21:10:40.0135 2428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 21:10:40.0182 2428 IRENUM - ok 21:10:40.0228 2428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 21:10:40.0244 2428 isapnp - ok 21:10:40.0275 2428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 21:10:40.0306 2428 iScsiPrt - ok 21:10:40.0322 2428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 21:10:40.0338 2428 kbdclass - ok 21:10:40.0400 2428 [ 
0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 21:10:40.0447 2428 kbdhid - ok 21:10:40.0478 2428 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\windows\system32\lsass.exe 21:10:40.0509 2428 KeyIso - ok 21:10:40.0556 2428 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 21:10:40.0572 2428 KSecDD - ok 21:10:40.0603 2428 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 21:10:40.0634 2428 KSecPkg - ok 21:10:40.0681 2428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 21:10:40.0759 2428 ksthunk - ok 21:10:40.0806 2428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 21:10:40.0868 2428 KtmRm - ok 21:10:40.0915 2428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 21:10:40.0993 2428 LanmanServer - ok 21:10:41.0040 2428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 21:10:41.0118 2428 LanmanWorkstation - ok 21:10:41.0164 2428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 21:10:41.0242 2428 lltdio - ok 21:10:41.0289 2428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 21:10:41.0367 2428 lltdsvc - ok 21:10:41.0414 2428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 21:10:41.0476 2428 lmhosts - ok 21:10:41.0523 2428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 21:10:41.0539 2428 LSI_FC - ok 21:10:41.0554 2428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 21:10:41.0570 2428 LSI_SAS - ok 21:10:41.0601 2428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 21:10:41.0617 2428 LSI_SAS2 - ok 21:10:41.0632 2428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 21:10:41.0648 2428 LSI_SCSI - ok 21:10:41.0664 
2428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 21:10:41.0742 2428 luafv - ok 21:10:41.0788 2428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 21:10:41.0866 2428 Mcx2Svc - ok 21:10:41.0898 2428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 21:10:41.0913 2428 megasas - ok 21:10:41.0960 2428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 21:10:41.0976 2428 MegaSR - ok 21:10:42.0069 2428 Microsoft SharePoint Workspace Audit Service - ok 21:10:42.0100 2428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 21:10:42.0210 2428 MMCSS - ok 21:10:42.0225 2428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 21:10:42.0303 2428 Modem - ok 21:10:42.0334 2428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 21:10:42.0366 2428 monitor - ok 21:10:42.0397 2428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys 21:10:42.0412 2428 mouclass - ok 21:10:42.0428 2428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 21:10:42.0475 2428 mouhid - ok 21:10:42.0522 2428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 21:10:42.0537 2428 mountmgr - ok 21:10:42.0615 2428 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:10:42.0646 2428 MozillaMaintenance - ok 21:10:42.0662 2428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 21:10:42.0678 2428 mpio - ok 21:10:42.0709 2428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 21:10:42.0771 2428 mpsdrv - ok 21:10:42.0849 2428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 21:10:42.0943 2428 MpsSvc - ok 21:10:42.0974 2428 [ 
DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 21:10:43.0021 2428 MRxDAV - ok 21:10:43.0036 2428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 21:10:43.0083 2428 mrxsmb - ok 21:10:43.0114 2428 [ 2086D463BD371D8A37D153897430916D ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 21:10:43.0192 2428 mrxsmb10 - ok 21:10:43.0224 2428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 21:10:43.0270 2428 mrxsmb20 - ok 21:10:43.0286 2428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 21:10:43.0302 2428 msahci - ok 21:10:43.0333 2428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 21:10:43.0348 2428 msdsm - ok 21:10:43.0380 2428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 21:10:43.0426 2428 MSDTC - ok 21:10:43.0489 2428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 21:10:43.0551 2428 Msfs - ok 21:10:43.0582 2428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 21:10:43.0660 2428 mshidkmdf - ok 21:10:43.0692 2428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 21:10:43.0707 2428 msisadrv - ok 21:10:43.0738 2428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 21:10:43.0816 2428 MSiSCSI - ok 21:10:43.0816 2428 msiserver - ok 21:10:43.0848 2428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 21:10:43.0910 2428 MSKSSRV - ok 21:10:43.0941 2428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 21:10:44.0019 2428 MSPCLOCK - ok 21:10:44.0035 2428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 21:10:44.0113 2428 MSPQM - ok 21:10:44.0144 2428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 21:10:44.0175 
2428 MsRPC - ok 21:10:44.0222 2428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 21:10:44.0238 2428 mssmbios - ok 21:10:44.0269 2428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 21:10:44.0347 2428 MSTEE - ok 21:10:44.0347 2428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 21:10:44.0378 2428 MTConfig - ok 21:10:44.0409 2428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 21:10:44.0425 2428 Mup - ok 21:10:44.0472 2428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 21:10:44.0550 2428 napagent - ok 21:10:44.0596 2428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 21:10:44.0643 2428 NativeWifiP - ok 21:10:44.0690 2428 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys 21:10:44.0737 2428 NDIS - ok 21:10:44.0752 2428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 21:10:44.0830 2428 NdisCap - ok 21:10:44.0877 2428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 21:10:44.0955 2428 NdisTapi - ok 21:10:45.0002 2428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 21:10:45.0080 2428 Ndisuio - ok 21:10:45.0096 2428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 21:10:45.0189 2428 NdisWan - ok 21:10:45.0220 2428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 21:10:45.0283 2428 NDProxy - ok 21:10:45.0345 2428 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 21:10:45.0345 2428 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:10:45.0345 2428 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 21:10:45.0392 2428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 
21:10:45.0470 2428 NetBIOS - ok 21:10:45.0517 2428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 21:10:45.0595 2428 NetBT - ok 21:10:45.0610 2428 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\windows\system32\lsass.exe 21:10:45.0642 2428 Netlogon - ok 21:10:45.0688 2428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 21:10:45.0798 2428 Netman - ok 21:10:45.0829 2428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 21:10:45.0922 2428 netprofm - ok 21:10:45.0954 2428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:10:45.0969 2428 NetTcpPortSharing - ok 21:10:46.0016 2428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 21:10:46.0032 2428 nfrd960 - ok 21:10:46.0094 2428 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 21:10:46.0188 2428 NlaSvc - ok 21:10:46.0219 2428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 21:10:46.0297 2428 Npfs - ok 21:10:46.0328 2428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 21:10:46.0453 2428 nsi - ok 21:10:46.0468 2428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 21:10:46.0546 2428 nsiproxy - ok 21:10:46.0640 2428 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\windows\system32\drivers\Ntfs.sys 21:10:46.0734 2428 Ntfs - ok 21:10:46.0780 2428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 21:10:46.0858 2428 Null - ok 21:10:46.0874 2428 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\windows\system32\drivers\nvraid.sys 21:10:46.0890 2428 nvraid - ok 21:10:46.0936 2428 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\windows\system32\drivers\nvstor.sys 21:10:46.0968 2428 nvstor - ok 21:10:46.0999 2428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp 
C:\windows\system32\drivers\nv_agp.sys 21:10:47.0014 2428 nv_agp - ok 21:10:47.0046 2428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 21:10:47.0077 2428 ohci1394 - ok 21:10:47.0155 2428 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:10:47.0170 2428 ose - ok 21:10:47.0358 2428 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:10:47.0592 2428 osppsvc - ok 21:10:47.0654 2428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 21:10:47.0701 2428 p2pimsvc - ok 21:10:47.0716 2428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 21:10:47.0779 2428 p2psvc - ok 21:10:47.0826 2428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 21:10:47.0857 2428 Parport - ok 21:10:47.0904 2428 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\windows\system32\drivers\partmgr.sys 21:10:47.0935 2428 partmgr - ok 21:10:47.0966 2428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 21:10:48.0028 2428 PcaSvc - ok 21:10:48.0060 2428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 21:10:48.0106 2428 pci - ok 21:10:48.0122 2428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 21:10:48.0138 2428 pciide - ok 21:10:48.0169 2428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 21:10:48.0184 2428 pcmcia - ok 21:10:48.0216 2428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 21:10:48.0231 2428 pcw - ok 21:10:48.0262 2428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 21:10:48.0356 2428 PEAUTH - ok 21:10:48.0496 2428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 21:10:48.0543 2428 PerfHost - ok 
21:10:48.0621 2428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 21:10:48.0730 2428 pla - ok 21:10:48.0793 2428 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\windows\system32\umpnpmgr.dll 21:10:48.0871 2428 PlugPlay - ok 21:10:48.0949 2428 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 21:10:48.0980 2428 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:10:48.0980 2428 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 21:10:49.0027 2428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 21:10:49.0058 2428 PNRPAutoReg - ok 21:10:49.0089 2428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 21:10:49.0120 2428 PNRPsvc - ok 21:10:49.0167 2428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 21:10:49.0245 2428 PolicyAgent - ok 21:10:49.0308 2428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 21:10:49.0386 2428 Power - ok 21:10:49.0417 2428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 21:10:49.0479 2428 PptpMiniport - ok 21:10:49.0526 2428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 21:10:49.0557 2428 Processor - ok 21:10:49.0604 2428 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll 21:10:49.0666 2428 ProfSvc - ok 21:10:49.0698 2428 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\windows\system32\lsass.exe 21:10:49.0713 2428 ProtectedStorage - ok 21:10:49.0760 2428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 21:10:49.0822 2428 Psched - ok 21:10:49.0885 2428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 21:10:49.0963 2428 ql2300 - ok 21:10:49.0994 2428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 21:10:50.0010 2428 ql40xx - ok 
21:10:50.0056 2428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 21:10:50.0103 2428 QWAVE - ok 21:10:50.0119 2428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 21:10:50.0166 2428 QWAVEdrv - ok 21:10:50.0197 2428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 21:10:50.0259 2428 RasAcd - ok 21:10:50.0290 2428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 21:10:50.0368 2428 RasAgileVpn - ok 21:10:50.0400 2428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 21:10:50.0478 2428 RasAuto - ok 21:10:50.0524 2428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 21:10:50.0602 2428 Rasl2tp - ok 21:10:50.0649 2428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 21:10:50.0727 2428 RasMan - ok 21:10:50.0758 2428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 21:10:50.0821 2428 RasPppoe - ok 21:10:50.0836 2428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 21:10:50.0930 2428 RasSstp - ok 21:10:50.0961 2428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 21:10:51.0039 2428 rdbss - ok 21:10:51.0070 2428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 21:10:51.0117 2428 rdpbus - ok 21:10:51.0148 2428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 21:10:51.0226 2428 RDPCDD - ok 21:10:51.0242 2428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 21:10:51.0320 2428 RDPENCDD - ok 21:10:51.0398 2428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 21:10:51.0476 2428 RDPREFMP - ok 21:10:51.0523 2428 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 21:10:51.0601 2428 
21:11:05.0656 2428 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
21:11:06.0327 2428 \Device\Harddisk0\DR0 - ok
21:11:06.0327 2428 ================ Scan VBR ==================================
21:11:06.0327 2428 [ 3C7BA302954B99EE3E6DB8FB11C8A779 ] \Device\Harddisk0\DR0\Partition1
21:11:06.0343 2428 \Device\Harddisk0\DR0\Partition1 - ok
21:11:06.0374 2428 [ BEAF690F1F8A47C7A59972DFB978595C ] \Device\Harddisk0\DR0\Partition2
21:11:06.0390 2428 \Device\Harddisk0\DR0\Partition2 - ok
21:11:06.0405 2428 [ F06A34080A030918A68A16FEBC70D99C ] \Device\Harddisk0\DR0\Partition3
21:11:06.0405 2428 \Device\Harddisk0\DR0\Partition3 - ok
21:11:06.0405 2428 ============================================================
21:11:06.0405 2428 Scan finished
21:11:06.0405 2428 ============================================================
21:11:06.0436 3312 Detected object count: 5
21:11:06.0436 3312 Actual detected object count: 5
21:13:31.0609 3312 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:31.0609 3312 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:31.0609 3312 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:31.0609 3312 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:31.0624 3312 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:31.0624 3312 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:31.0624 3312 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:31.0624 3312 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:31.0624 3312 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:31.0624 3312 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.10.2012, 09:50 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
05.10.2012, 13:44 | #23 |
| GVU Trojan Combofix logfile: Code:
ATTFilter ComboFix 12-10-04.02 - Daniell 05.10.2012 14:18:08.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4076.2731 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-05 bis 2012-10-05 )))))))))))))))))))))))))))))) . . 2012-10-05 12:26 . 2012-10-05 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-04 15:09 . 2012-10-04 15:09 -------- d-----w- C:\_OTL 2012-10-04 10:13 . 2012-10-04 10:13 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-10-03 22:37 . 2012-10-03 22:37 -------- d-----w- c:\program files (x86)\ESET 2012-10-03 17:09 . 2012-10-03 17:09 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-10-03 17:09 . 2012-10-03 17:09 -------- d-----w- c:\programdata\Malwarebytes 2012-10-03 17:09 . 2012-10-03 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-03 17:09 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-13 02:09 . 2012-06-13 12:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-13 02:09 . 2011-06-20 18:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-01-19 11:34 . 2011-01-19 11:34 3003392 ----a-w- c:\program files\openofficeorg33.msi 2011-01-19 11:33 . 2011-01-19 11:33 475016 ----a-w- c:\program files\setup.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-26 336384] "RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] 
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] . c:\users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Daniell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-27 203776] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-27 
9079808] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-27 299520] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Daniell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-19 11779176] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://samsung.msn.com mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Daniell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.109.123.197 213.191.74.19 FF - ProfilePath - c:\users\Daniell\AppData\Roaming\Mozilla\Firefox\Profiles\y1lljxqp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] @DACL=(02 0000) "ButtonText"="@c:\\Program Files (x86)\\Windows Live\\Writer\\WindowsLiveWriterShortcuts.dll,-1004" "HotIcon"="c:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll,201" "Icon"="c:\\Program Files (x86)\\Windows Live\\Writer\\WriterBrowserExtension.dll,201" "Default Visible"="Yes" "MenuText"="@c:\\Program Files (x86)\\Windows Live\\Writer\\WindowsLiveWriterShortcuts.dll,-1003" "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "ClsidExtension"="{5F7B1267-94A9-47F5-98DB-E99415F33AEC}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] @DACL=(02 0000) "KeyPath"="Yes" "ButtonText"="An OneNote senden" "MenuText"="An OneNote s&enden" "ToolTip"="An OneNote senden" "Default Visible"="Yes" "HotIcon"="c:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll,103" "Icon"="c:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll,103" "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "ClsidExtension"="{48E73304-E1D6-4330-914C-F5F514E3486C}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E}] @DACL=(02 0000) "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "ClsidExtension"="{94BB0C4C-B957-479A-85E4-42F53B89F681}" "ButtonText"="Samsung AnyWeb Print" "ToolTip"="Samsung AnyWeb Print" "Icon"="c:\\Program Files\\Samsung AnyWeb Print\\W2PBrowser.dll,300" "HotIcon"="c:\\Program Files\\Samsung AnyWeb Print\\W2PBrowser.dll,300" "ImagesPath"="c:\\Program Files\\Samsung AnyWeb Print\\W2PBrowser.dll" "Default Visible"="Yes" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] @DACL=(02 0000) "KeyPath"="Yes" "ButtonText"="Verknüpfte &OneNote-Notizen" "MenuText"="Verknüpfte &OneNote-Notizen" "ToolTip"="Verknüpfte OneNote-Notizen" "Default Visible"="Yes" "HotIcon"="c:\\PROGRA~2\\MICROS~1\\Office14\\ONBTTN~1.DLL,103" "Icon"="c:\\PROGRA~2\\MICROS~1\\Office14\\ONBTTN~1.DLL,103" "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "ClsidExtension"="{FFFDC614-B694-4AE6-AB38-5D6374584B52}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] @DACL=(02 0000) "Default Visible"="yes" "ButtonText"="Skype Click to Call" "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "ClsidExtension"="{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" "Icon"="c:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\icon.ico" "HotIcon"="c:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\icon.ico" "MenuText"="Skype Click to Call" "MenuStatusBar"="Skype Click to Call" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}] @DACL=(02 0000) "Icon"="c:\\Program Files (x86)\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_BHO.dll,202" "HotIcon"="c:\\Program Files (x86)\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_BHO.dll,201" "Default Visible"="Yes" "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "ClsidExtension"="{DDE87865-83C5-48c4-8357-2F5B1AA84522}" "ButtonText"="HP Smart Web Printing ein- oder ausblenden" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\OldTimer Tools\OTL\Files] @DACL=(02 0000) "c:\\Users\\***\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-05 14:30:36 ComboFix-quarantined-files.txt 2012-10-05 12:30 . 
Vor Suchlauf: 9 Verzeichnis(se), 130.183.966.720 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 129.830.055.936 Bytes frei . - - End Of File - - A1A0CD81B2EB949E89392997FD97879E |
05.10.2012, 14:26 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
05.10.2012, 17:00 | #25 |
| GVU Trojan GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-05 17:27:54 Windows 6.1.7601 Service Pack 1 Running: hf70dgjg.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6bb2ec Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6bb2ec (not active ControlSet) ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:35:02 on 05.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "rtport" (rtport) - "Windows (R) 2003 DDK 3790 provider" - C:\windows\SysWOW64\drivers\rtport.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." 
- C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - 
"Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL {CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll {67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll {EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll {E99987AC-6311-4686-B095-EB30B69F9258} "Samsung AnyWeb Print" - ? 
- C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? 
- (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." 
- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Hidden registry entry, rootkit activity) {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Hidden registry entry, rootkit activity) {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hidden registry entry, rootkit activity) {94BB0C4C-B957-479A-85E4-42F53B89F681} "Samsung AnyWeb Print" - ? - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll (Hidden registry entry, rootkit activity) {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Hidden registry entry, rootkit activity) {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Hidden registry entry, rootkit activity) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." 
- C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {AA609D72-8482-4076-8991-8CDAE5B93BCB} "W2PBrowser Class" - ? - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Daniell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Daniell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "OpenOffice.org 3.3.lnk" - ? 
- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "BCSSync" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices "CLMLServer" - "CyberLink" - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "RemoteControl10" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "spd__ Langmon" - ? 
- C:\windows\system32\spd__l.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Samsung UPD Service" (Samsung UPD Service) - "Samsung Electronics CO., LTD." - C:\windows\System32\SUPDSvc.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." 
- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 18:20:41
-----------------------------
18:20:41.613 OS Version: Windows x64 6.1.7601 Service Pack 1
18:20:41.613 Number of processors: 2 586 0x100
18:20:41.628 ComputerName: *** UserName: ***
18:20:42.674 Initialize success
18:20:55.091 AVAST engine defs: 12100501
18:21:02.439 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
18:21:02.454 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
18:21:02.501 Disk 0 MBR read successfully
18:21:02.517 Disk 0 MBR scan
18:21:02.517 Disk 0 unknown MBR code
18:21:02.532 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:21:02.564 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 182272 MB offset 206848
18:21:02.579 Disk 0 Partition - 00 0F Extended LBA 271750 MB offset 373499904
18:21:02.610 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 22815 MB offset 930043904
18:21:02.642 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 271749 MB offset 373501952
18:21:02.688 Disk 0 scanning C:\windows\system32\drivers
18:21:18.710 Service scanning
18:22:12.561 Modules scanning
18:22:12.592 Disk 0 trace - called modules:
18:22:12.639 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:22:12.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047d9060]
18:22:12.655 3 CLASSPNP.SYS[fffff880019c043f] -> nt!IofCallDriver -> [0xfffffa8004681ac0]
18:22:12.655 5 amd_xata.sys[fffff88001130900] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800467d8c0]
18:22:12.670 Scan finished successfully
18:22:20.423 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:22:20.439 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Edited by jimmyXXX (05.10.2012 at 17:24) |
05.10.2012, 18:23 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan We should fix the MBR; just in case, back up ALL important data, even though it usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Do not do the fix either if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs. After the data backup, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and make a new log with aswMBR.
__________________ Please always post log files in CODE tags |
05.10.2012, 18:36 | #27 |
| GVU Trojan Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 19:30:13
-----------------------------
19:30:13.289 OS Version: Windows x64 6.1.7601 Service Pack 1
19:30:13.289 Number of processors: 2 586 0x100
19:30:13.289 ComputerName: *** UserName: ***
19:30:16.924 Initialize success
19:30:32.743 AVAST engine defs: 12100501
19:30:42.733 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
19:30:42.749 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
19:30:42.765 Disk 0 MBR read successfully
19:30:42.765 Disk 0 MBR scan
19:30:42.796 Disk 0 Windows 7 default MBR code
19:30:42.811 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:30:42.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 182272 MB offset 206848
19:30:42.843 Disk 0 Partition - 00 0F Extended LBA 271750 MB offset 373499904
19:30:42.874 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 22815 MB offset 930043904
19:30:42.936 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 271749 MB offset 373501952
19:30:42.967 Disk 0 scanning C:\windows\system32\drivers
19:31:05.804 Service scanning
19:32:03.443 Modules scanning
19:32:03.459 Disk 0 trace - called modules:
19:32:03.490 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:32:03.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048db060]
19:32:03.506 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800470aac0]
19:32:03.521 5 amd_xata.sys[fffff880010d0900] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80047068a0]
19:32:03.537 Scan finished successfully
19:32:18.343 Disk 0 MBR has been saved successfully to "C:\Users\Daniell\Desktop\MBR.dat"
19:32:18.359 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBRn.txt" |
06.10.2012, 18:31 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
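The before/after check on the two aswMBR logs above can be scripted. The following is an added example, not code from the thread or from AVAST: it parses an aswMBR log (one entry per line, or flattened onto one line as forum software tends to do), extracts the MBR verdict and the partition table, and confirms that the fix changed only the MBR code. The function names and the rule that a verdict ending in "default" counts as clean are assumptions based only on the two verdict strings visible in this thread; the sample logs are abridged from the logs posted here.

```python
import re

# Every log entry starts with a timestamp such as "18:21:02.517 ". Splitting on
# that pattern also recovers entries from a log flattened onto a single line.
ENTRY_START = re.compile(r"(?=\d{2}:\d{2}:\d{2}\.\d{3}\s)")
ENTRY = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)", re.S)
VERDICT = re.compile(r"Disk (\d+) (.+) MBR code$")
PARTITION = re.compile(r"Disk (\d+) Partition (\S+) (.*?) (\d+) MB offset (\d+)$")


def parse_log(text):
    """Return the MBR verdict per disk and the partition rows found in the log."""
    result = {"verdicts": {}, "partitions": []}
    for chunk in ENTRY_START.split(text):
        entry = ENTRY.match(chunk.strip())
        if not entry:
            continue  # header, separator line or empty chunk
        message = " ".join(entry.group(1).split())  # normalise whitespace
        verdict = VERDICT.match(message)
        if verdict:
            result["verdicts"][int(verdict.group(1))] = verdict.group(2)
            continue
        part = PARTITION.match(message)
        if part:
            result["partitions"].append(
                (int(part.group(1)), part.group(2), part.group(3),
                 int(part.group(4)), int(part.group(5))))
    return result


def classify(verdict):
    """Map a verdict string to a status (assumed rule, see lead-in)."""
    if verdict is None:
        return "missing"      # scan aborted before the MBR check was logged
    if verdict.lower() == "unknown":
        return "unknown"      # MBR code does not match a known loader
    if verdict.lower().endswith("default"):
        return "default"      # e.g. "Windows 7 default"
    return "review"           # any other wording needs a human look


def compare(before_text, after_text, disk=0):
    """Compare the log taken before the fix with the one taken after reboot."""
    before, after = parse_log(before_text), parse_log(after_text)
    b = classify(before["verdicts"].get(disk))
    a = classify(after["verdicts"].get(disk))
    rows = lambda log: [p for p in log["partitions"] if p[0] == disk]
    return {
        "before": b,
        "after": a,
        "fixed": b != "default" and a == "default",
        # The fix should rewrite the boot code only, never the partition table.
        "partitions_unchanged": bool(rows(after)) and rows(before) == rows(after),
    }


# Sample input abridged from the two logs in this thread (multi-line form).
BEFORE = """aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 18:20:41
18:21:02.501 Disk 0 MBR read successfully
18:21:02.517 Disk 0 MBR scan
18:21:02.517 Disk 0 unknown MBR code
18:21:02.532 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:21:02.564 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 182272 MB offset 206848
18:21:02.579 Disk 0 Partition - 00 0F Extended LBA 271750 MB offset 373499904
18:22:12.670 Scan finished successfully
"""

# Same format, flattened onto one line as it appears after forum extraction.
AFTER = ("aswMBR version 0.9.9.1665 Run date: 2012-10-05 19:30:13 "
         "19:30:42.765 Disk 0 MBR read successfully 19:30:42.765 Disk 0 MBR scan "
         "19:30:42.796 Disk 0 Windows 7 default MBR code "
         "19:30:42.811 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 "
         "19:30:42.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 182272 MB offset 206848 "
         "19:30:42.843 Disk 0 Partition - 00 0F Extended LBA 271750 MB offset 373499904 "
         "19:32:03.537 Scan finished successfully")

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```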
07.10.2012, 21:14 | #29 |
| GVU Trojan Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.07.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Daniell :: *** [Administrator] 07.10.2012 16:54:04 mbam-log-2012-10-07 (16-54-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 371495 Laufzeit: 52 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/07/2012 at 10:02 PM Application Version : 5.5.1022 Core Rules Database Version : 9354 Trace Rules Database Version: 7166 Scan type : Complete Scan Total Scan Time : 01:16:56 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 628 Memory threats detected : 0 Registry items scanned : 73176 Registry threats detected : 0 File items scanned : 50486 File threats detected : 461 Adware.Tracking Cookie
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .content.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] tomtailor.dyntracker.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .tracking.mindshare.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] targeting.revenuemax.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .yadro.ru [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ww251.smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .zanox-affiliate.de [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .zanox-affiliate.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.dyntracker.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad4.adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .kontera.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .tracker.vinsight.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] adx2.chip.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .revenuemax.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .a.revenuemax.de [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y1LLJXQP.DEFAULT\COOKIES.SQLITE ] .partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] .partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] .partyaccount.com [ 
C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] .partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] earlyexperience.partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] ad.yieldmanager.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] secure.partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] secure.partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] .zedo.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] cashier.partyaccount.com [ C:\USERS\DANIELL\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ] |
07.10.2012, 21:17 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie). Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want, I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system back in order now, or are there still other detections or problems?
__________________ Please always post logfiles in CODE tags |