
Log Analysis and Evaluation: iexplorer.exe up to 10 times in Task Manager


23.09.2008, 01:32   #1
Pygmalion



Hello everyone,

I hope someone can help me. First off, I'm an absolute layman! The problem: at times 10 "iexplore.exe" show up in my Task Manager. Yet I don't use the Windows Internet Explorer at all (that's what it belongs to, right?). All scans ("Anti-Malwarebytes", "Kaspersky", "Spybot") came up with nothing. I only stumbled on the problem because my internet traffic through "Firefox" became extremely slow. Now it turns out that "iexplore.exe" only appears when I'm online with "Firefox"; if I don't kill it immediately, it multiplies by the minute. Since everyone here seems to do it this way, I created one of those log files, which looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:28:46, on 23.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Versatel\Versatel.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Microsoft Office\Office12\WINWORD.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7FE3E1C-A6CD-44AB-94D0-43696B8262DE}: NameServer = 62.220.18.8 89.246.64.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4920 bytes


I also noticed (no idea whether it matters) that the exe is always run by SYSTEM, not by the user. If it can be avoided, I'd rather skip reinstalling the system (I only did that recently), because that never goes smoothly on my machine.

Many thanks in advance,

Pygmalion

24.09.2008, 11:26   #2
undoreal
/// AVZ-Toolkit Guru



Hi there.

Please create an AVZ log: AVZ instructions

24.09.2008, 13:02   #3
Pygmalion



Hi,

Thank you very, very much for being willing to help me.
Here are the requested logs:

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 24.09.2008 13:55:09
Database loaded: signatures - 188307, NN profile(s) - 2, microprograms of healing - 56, signature database released 23.09.2008 23:40
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 73357
Heuristic analyzer mode: Maximum heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:GetProcAddress (409) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE30->7C884FEC
Function kernel32.dll:LoadLibraryA (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D7B->7C884F9C
Function kernel32.dll:LoadLibraryExA (582) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D53->7C884FB0
Function kernel32.dll:LoadLibraryExW (583) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF5->7C884FD8
Function kernel32.dll:LoadLibraryW (584) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AEDB->7C884FC4
IAT modification detected: LoadLibraryA - 7C884F9C<>7C801D7B
IAT modification detected: GetProcAddress - 7C884FEC<>7C80AE30
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Function user32.dll:RegisterRawInputDevices (546) intercepted, method ProcAddressHijack.GetProcAddress ->7E3BCE0E->7EEA0080
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Function NtClose (19) intercepted (805678DD->B2E2A1E0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtConnectPort (1F) intercepted (805879EB->B2E282F0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtCreateKey (29) intercepted (8057065D->B2E1B750), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtCreateProcess (2F) intercepted (805B135A->B2E29F10), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtCreateProcessEx (30) intercepted (8057FC60->B2E2A080), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtCreateSection (32) intercepted (805652B3->B2E2AD00), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtCreateSymbolicLinkObject (34) intercepted (8059F509->B2E2A7B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtCreateThread (35) intercepted (8058E63F->B2E2B600), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtDeleteKey (3F) intercepted (805952BE->B2E1B860), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtDeleteValueKey (41) intercepted (80592D50->B2E1B8E0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtDuplicateObject (44) intercepted (805715E0->B2E2A380), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtEnumerateKey (47) intercepted (80570D64->B2E1B990), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtEnumerateValueKey (49) intercepted (8059066B->B2E1BA40), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtFlushKey (4F) intercepted (805DC590->B2E1BAF0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtInitializeRegistry (5C) intercepted (805A8064->B2E1BB70), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtLoadDriver (61) intercepted (805A3AF1->B2E27E50), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtLoadKey (62) intercepted (805AED5D->B2E1C590), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtLoadKey2 (63) intercepted (805AEB9A->B2E1BB90), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtNotifyChangeKey (6F) intercepted (8058A68D->B2E1BC70), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtOpenFile (74) intercepted (8056CD5B->F8555030), hook C:\WINDOWS\system32\Drivers\kl1.sys, driver recognized as trusted
Function NtOpenKey (77) intercepted (80568D59->B2E1BD50), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtOpenProcess (7A) intercepted (805717C7->B2E29D00), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtOpenSection (7D) intercepted (80570FD7->B2E2AB20), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtQueryKey (A0) intercepted (80570A6D->B2E1BE30), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtQueryMultipleValueKey (A1) intercepted (8064E320->B2E1BEE0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtQuerySystemInformation (AD) intercepted (8057BC36->B2E2B2B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtQueryValueKey (B1) intercepted (8056A1F1->B2E1BF90), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtReplaceKey (C1) intercepted (8064F0FA->B2E1C070), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtRequestWaitReplyPort (C8) intercepted (80576CE6->B2E28900), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtRestoreKey (CC) intercepted (8064EC91->B2E1C100), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtResumeThread (CE) intercepted (8058ECB2->B2E2B5B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSaveKey (CF) intercepted (8064ED92->B2E1C300), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSetContextThread (D5) intercepted (8062DCDF->B2E2B940), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSetInformationFile (E0) intercepted (8057494A->B2E2BF60), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSetInformationKey (E2) intercepted (8064DE83->B2E1C390), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSetSecurityObject (ED) intercepted (8059B19B->B2E26A10), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSetSystemInformation (F0) intercepted (805A7BDD->B2E2A9A0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSetValueKey (F7) intercepted (80572889->B2E1C430), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSuspendThread (FE) intercepted (805E045E->B2E2B560), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtSystemDebugControl (FF) intercepted (80649CE3->B2E281B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtTerminateProcess (101) intercepted (805822E0->B2E2B150), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtUnloadKey (107) intercepted (8064D9FA->B2E1C550), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function NtWriteVirtualMemory (115) intercepted (8057E420->B2E2A240), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function FsRtlCheckLockForReadAccess (80512919) - machine code modification Method of JmpTo. jmp B2E2C380 \??\C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Function IoIsOperationSynchronous (804E875A) - machine code modification Method of JmpTo. jmp B2E2C880 \??\C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
Functions checked: 284, intercepted: 43, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 25
Analyzer: process under analysis is 1232 C:\WINDOWS\system32\svchost.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1440 C:\WINDOWS\system32\svchost.exe
[ES]:Contains network functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:Located in system folder
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1600 C:\WINDOWS\System32\svchost.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1660 C:\WINDOWS\System32\svchost.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer: process under analysis is 1828 C:\WINDOWS\System32\svchost.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer: process under analysis is 880 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 1580 C:\WINDOWS\System32\svchost.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer: process under analysis is 3548 C:\Programme\Mozilla Firefox\firefox.exe
[ES]:Contains network functionality
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2852 C:\PROGRA~1\Versatel\Versatel.exe
[ES]:Contains network functionality
[ES]:Trojan.PSW ?
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Number of modules loaded: 378
Scanning memory - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal REG files association
>> Service termination timeout is out of admissible values
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 403, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 24.09.2008 13:55:48
Time of scanning: 00:00:42
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
System Analysis in progress
System Analysis - complete



Ohhhhhhh, where is the first one???? I saved it... and now it's gone... I'll redo it. Just a moment.

24.09.2008, 13:10   #4
xonic



Regarding the HijackThis log:
Quote:
If you do not recognise the IP or the domain '62.220.18.8 89.246.64.8', fix it.
I'd still be interested in a TCPView log.

Sounds like a bot/botnet or outside control through a trojan.
Have you opened any strange files recently that didn't come from reputable sources (websites)?

Try searching for iexplorer.exe with Windows Search and tell us in which directories the hits are located.
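The signals the helpers are looking at in this thread (an image such as iexplore.exe running many times with no autorun entry that explains it, the O17 DNS servers, the O20 AppInit_DLLs entry) can be pulled out of a HijackThis log mechanically. The script below is an added example for that triage, not a tool from the forum or from Trend Micro; the sample log is a constructed excerpt modelled on the log posted above, and the repeat threshold of 3 and the svchost.exe exemption are assumptions of this example.

```python
from __future__ import annotations
import re
from collections import Counter

# Constructed excerpt modelled on the HijackThis log posted in this thread
# (a handful of its lines, not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Internet Explorer\Iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\Iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7FE3E1C-A6CD-44AB-94D0-43696B8262DE}: NameServer = 62.220.18.8 89.246.64.8
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
--
End of file - 4920 bytes
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$", re.M)
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$", re.M)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$", re.M)

def running_processes(log: str) -> Counter:
    """Count each image path listed under 'Running processes:' (case-insensitive)."""
    counts: Counter = Counter()
    in_section = False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break  # the section ends at the first blank line
            counts[line.strip().lower()] += 1
    return counts

def _image_from_command(cmd: str) -> str:
    """Extract the executable path from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]

def autorun_images(log: str) -> dict[str, str]:
    """Map each O4 autorun image (lowercased path) to its Run-key value name."""
    return {
        _image_from_command(m.group("cmd")).lower(): m.group("name")
        for m in O4_RE.finditer(log)
    }

def nameservers(log: str) -> list[str]:
    """DNS servers from O17 entries; HijackThis separates them by space or comma."""
    servers: list[str] = []
    for m in O17_RE.finditer(log):
        servers.extend(s for s in re.split(r"[,\s]+", m.group("servers")) if s)
    return servers

def appinit_dlls(log: str) -> list[str]:
    """Libraries loaded into every GUI process through the O20 AppInit_DLLs value."""
    return [m.group("dlls").strip() for m in O20_RE.finditer(log)]

def unexplained_repeats(log: str, threshold: int = 3) -> dict[str, int]:
    """Images running at least `threshold` times that no O4 autorun entry accounts for.
    svchost.exe legitimately runs many times on XP and is exempted; the threshold is an assumption."""
    autoruns = autorun_images(log)
    return {
        image: n
        for image, n in running_processes(log).items()
        if n >= threshold and image not in autoruns and not image.endswith("\\svchost.exe")
    }

def triage(log: str, threshold: int = 3) -> dict:
    """Collect the signals worth a second look in a posted HijackThis log."""
    return {
        "unexplained_repeats": unexplained_repeats(log, threshold),
        "nameservers": nameservers(log),
        "appinit_dlls": appinit_dlls(log),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample the only unexplained repeat is the Internet Explorer image, which matches what the poster sees in Task Manager; the O17 servers still have to be checked against the ISP's documented resolvers by hand.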

24.09.2008, 13:58   #5
Pygmalion



Here is the rest:

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 24.09.2008 14:21:53
Database loaded: signatures - 188307, NN profile(s) - 2, microprograms of healing - 56, signature database released 23.09.2008 23:40
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 73357
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:GetProcAddress (409) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE30->7C884FEC
Hook kernel32.dll:GetProcAddress (409) blocked
Function kernel32.dll:LoadLibraryA (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D7B->7C884F9C
Hook kernel32.dll:LoadLibraryA (581) blocked
>>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
Function kernel32.dll:LoadLibraryExA (582) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D53->7C884FB0
Hook kernel32.dll:LoadLibraryExA (582) blocked
>>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
Function kernel32.dll:LoadLibraryExW (583) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF5->7C884FD8
Hook kernel32.dll:LoadLibraryExW (583) blocked
Function kernel32.dll:LoadLibraryW (584) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AEDB->7C884FC4
Hook kernel32.dll:LoadLibraryW (584) blocked
IAT modification detected: LoadLibraryA - 7C884F9C<>7C801D7B
IAT address restored: LoadLibraryA
IAT modification detected: GetProcAddress - 7C884FEC<>7C80AE30
IAT address restored: GetProcAddress
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Function user32.dll:RegisterRawInputDevices (546) intercepted, method ProcAddressHijack.GetProcAddress ->7E3BCE0E->7EEA0080
Hook user32.dll:RegisterRawInputDevices (546) blocked
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Function NtClose (19) intercepted (805678DD->B2E2A1E0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtConnectPort (1F) intercepted (805879EB->B2E282F0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateKey (29) intercepted (8057065D->B2E1B750), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateProcess (2F) intercepted (805B135A->B2E29F10), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateProcessEx (30) intercepted (8057FC60->B2E2A080), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSection (32) intercepted (805652B3->B2E2AD00), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSymbolicLinkObject (34) intercepted (8059F509->B2E2A7B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThread (35) intercepted (8058E63F->B2E2B600), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteKey (3F) intercepted (805952BE->B2E1B860), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteValueKey (41) intercepted (80592D50->B2E1B8E0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDuplicateObject (44) intercepted (805715E0->B2E2A380), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateKey (47) intercepted (80570D64->B2E1B990), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateValueKey (49) intercepted (8059066B->B2E1BA40), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtFlushKey (4F) intercepted (805DC590->B2E1BAF0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtInitializeRegistry (5C) intercepted (805A8064->B2E1BB70), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadDriver (61) intercepted (805A3AF1->B2E27E50), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey (62) intercepted (805AED5D->B2E1C590), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey2 (63) intercepted (805AEB9A->B2E1BB90), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtNotifyChangeKey (6F) intercepted (8058A68D->B2E1BC70), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenFile (74) intercepted (8056CD5B->F8555030), hook C:\WINDOWS\system32\Drivers\kl1.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenKey (77) intercepted (80568D59->B2E1BD50), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (7A) intercepted (805717C7->B2E29D00), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSection (7D) intercepted (80570FD7->B2E2AB20), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryKey (A0) intercepted (80570A6D->B2E1BE30), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryMultipleValueKey (A1) intercepted (8064E320->B2E1BEE0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQuerySystemInformation (AD) intercepted (8057BC36->B2E2B2B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (8056A1F1->B2E1BF90), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (C1) intercepted (8064F0FA->B2E1C070), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRequestWaitReplyPort (C8) intercepted (80576CE6->B2E28900), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (CC) intercepted (8064EC91->B2E1C100), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtResumeThread (CE) intercepted (8058ECB2->B2E2B5B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSaveKey (CF) intercepted (8064ED92->B2E1C300), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetContextThread (D5) intercepted (8062DCDF->B2E2B940), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetInformationFile (E0) intercepted (8057494A->B2E2BF60), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetInformationKey (E2) intercepted (8064DE83->B2E1C390), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSecurityObject (ED) intercepted (8059B19B->B2E26A10), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSystemInformation (F0) intercepted (805A7BDD->B2E2A9A0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (80572889->B2E1C430), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendThread (FE) intercepted (805E045E->B2E2B560), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSystemDebugControl (FF) intercepted (80649CE3->B2E281B0), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateProcess (101) intercepted (805822E0->B2E2B150), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtUnloadKey (107) intercepted (8064D9FA->B2E1C550), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtWriteVirtualMemory (115) intercepted (8057E420->B2E2A240), hook C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function FsRtlCheckLockForReadAccess (80512919) - machine code modification Method of JmpTo. jmp B2E2C380 \??\C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
Function IoIsOperationSynchronous (804E875A) - machine code modification Method of JmpTo. jmp B2E2C880 \??\C:\WINDOWS\system32\drivers\klif.sys, driver recognized as trusted
>>> Function restored successfully !
Functions checked: 284, intercepted: 43, restored: 45
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 27
Number of modules loaded: 386
Scanning memory - complete
3. Scanning disks
Direct reading C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\~DFDD2.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal REG files association
>> Service termination timeout is out of admissible values
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 65277, extracted from archives: 42003, malicious software found 0, suspicions - 0
Scanning finished at 24.09.2008 14:46:58
!!! Attention !!! Recovered 45 KiST functions during Anti-Rootkit operation
This may affect execution of several programs, so it is strongly recommended to reboot
Time of scanning: 00:25:07
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
System Analysis - complete



By the way: Kaspersky keeps reporting the following finding: "24.09.2008 14:21:11 Die Anwendung IEXPLORE.EXE wurde verändert"
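An added triage helper, not part of the thread and not code from AVZ or Kaspersky, for the question this post raises: whether the running iexplore.exe instances are the genuine Internet Explorer binary started by the user, or copies launched from somewhere else. It assumes a Windows system with PowerShell 4 or later (Get-CimInstance, Get-FileHash); the poster's XP machine would need PowerShell installed separately.

```powershell
# Added triage helper, not part of the thread. Lists every running iexplore.exe
# with image path, parent process, signature status and SHA-256, and flags the
# properties that typically separate the genuine IE frame from a rogue copy or
# from a process started by something other than the user. Requires PowerShell 4+.
function Get-IexploreTriage {
    # Genuine IE lives under %SystemDrive%\Program Files[ (x86)]\Internet Explorer\
    $expectedPath = "$env:SystemDrive\Program Files*\Internet Explorer\iexplore.exe"
    # Normal parents: the shell (user started it) or another IE frame (tab process).
    $normalParents = @('explorer.exe', 'iexplore.exe')

    $procs = @(Get-CimInstance Win32_Process -Filter "Name = 'iexplore.exe'")
    foreach ($p in $procs) {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $path   = $p.ExecutablePath
        $flags  = @()

        if (-not $path) {
            $flags += 'no-image-path'            # access denied or process already gone
            $sig = 'n/a'; $hash = 'n/a'
        } else {
            $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
            $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
            if ($path -notlike $expectedPath) { $flags += 'unexpected-path' }
            if ($sig -ne 'Valid')               { $flags += "signature-$sig" }
        }
        if (-not $parent) {
            $flags += 'parent-exited'            # orphaned: whatever launched it is gone
        } elseif ($parent.Name -notin $normalParents) {
            $flags += "parent-$($parent.Name)"   # started by something other than the shell or IE
        }

        [pscustomobject]@{
            PID       = $p.ProcessId
            ParentPID = $p.ParentProcessId
            Parent    = if ($parent) { $parent.Name } else { '-' }
            Started   = $p.CreationDate
            Path      = $path
            Signature = $sig
            SHA256    = $hash
            Flags     = ($flags -join ',')
        }
    }
}

# Usage: run the triage and show the instances newest first; the hash can then be
# compared against a known-good copy of iexplore.exe from a clean machine.
$result = @(Get-IexploreTriage)
"Running iexplore.exe instances: $($result.Count)"
$result | Sort-Object Started -Descending | Format-Table -AutoSize
```

Instances with a clean path and a Valid signature but an unusual or vanished parent are the ones to look at first, since the symptom described in the thread (IE processes appearing only while Firefox is online) points at whatever launches them rather than at the binary itself.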


Alt 24.09.2008, 14:01   #6
xonic
 
Quote:
By the way: Kaspersky keeps reporting the following finding: "24.09.2008 14:21:11 Die Anwendung IEXPLORE.EXE wurde verändert"
Even if you switch off the internet for testing purposes?

Alt 24.09.2008, 14:03   #7
Pygmalion
 
Nope, actually I didn't have anything on my computer, i.e. no strange, dubious files. I've become careful anyway, because somehow I keep getting infected even though I don't download anything from the net... I'll quickly work through the points. I think the port belongs to versatel; I'll check that right away.

Alt 24.09.2008, 14:04   #8
Pygmalion
 
No, only when I'm online with Firefox.

Alt 24.09.2008, 14:05   #9
xonic
 
Quote:
Quote from Pygmalion
Nope, actually I didn't have anything on my computer, i.e. no strange, dubious files. I've become careful anyway, because somehow I keep getting infected even though I don't download anything from the net... I'll quickly work through the points. I think the port belongs to versatel; I'll check that right away.
Is your software up to date?
Security vulnerabilities in outdated software >>

Alt 30.09.2008, 17:57   #10
undoreal
/// AVZ-Toolkit Guru
 
System analysis
  • Disable System Restore on all drives. It can be re-enabled once the clean-up is COMPLETELY finished.
  • Clean up with CCleaner (items 1 & 2).
  • Disable the guard/on-access module (real-time scanner) of your antivirus program and close all antivirus programs completely!
  • Download AVZ and save it in its own folder on the desktop.
  • Unpack it in this folder and start the application by double-clicking AVZ.exe.
  • Under File -> Database Update, press Start.
  • Under AVZPM, choose Install extended monitoring driver. The driver will be installed.
  • The computer should remain connected to the internet during the scan.
  • Then, under File -> System Analysis, tick the option Attach System Analysis log to ZIP and press Start. Choose the AVZ folder you created as the save location.
  • Once the scan is finished, upload avz_sysinfo.zip to Rapidshare and post the download link.
__________________
- All help given in this forum is provided without warranty or liability -

Alt 01.10.2008, 03:15   #11
Pygmalion
 
Hi, thanks for all the help, but it's probably moot now... After my Kaspersky had nagged me for ages that it was about to expire, I wanted to remove it from the hard drive. No sooner said than done... computer dead. After I had uninstalled it properly, the computer restarted, and after that nothing worked any more: almost no program would open, and the design suddenly looked like an Atari. Now I have Vista on it and I'm totally unhappy: what is this? A thousand things that are really completely daft (see the sidebar, for example). Result: EVERYTHING is slower. But still, very, very many thanks to you. I'll get to work now and find out what I can throw out and how to get rid of everything superfluous.
