Log analysis and evaluation: Windows Update disables itself - hosts can no longer be opened - browsers freeze
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.11.2010, 07:49 | #16 |
| Windows Update disables itself - hosts can no longer be opened - browsers freeze Hi, here are all the logs - GMER acted up at first, but after a long wait it eventually worked somehow. GMER: Code:
ATTFilter GMER 1.0.15.15477 - h**p://www.gmer.net Rootkit scan 2010-11-02 19:33:30 Windows 6.1.7600 Running: 5pr8zszx.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgldiuod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82E83135 5 Bytes JMP 8941DC50 PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82E84B5D 5 Bytes JMP 8941DBB0 PAGE ntkrnlpa.exe!NtRequestPort + 2 82E98DC3 5 Bytes JMP 8941DB10 ? System32\Drivers\spzp.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91807000, 0x2FBFB8, 0xE8000020] .text USBPORT.SYS!DllUnload 915D5CA0 5 Bytes JMP 8706C1D8 .text a20x9xs7.SYS 98E34000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]} .text a20x9xs7.SYS 98E3400D 9 Bytes [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL} .text a20x9xs7.SYS 98E34017 170 Bytes [00, DE, 87, 5A, 83, E6, 85, ...] .text a20x9xs7.SYS 98E340C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text a20x9xs7.SYS 98E340CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL} .text ... .text autochk.exe 002211D1 2 Bytes [F1, 19] .text autochk.exe 002211D4 3 Bytes [94, F1, 19] .text autochk.exe 002211D8 3 Bytes [AC, 5E, 18] .text autochk.exe 002211DC 1 Byte [03] .text autochk.exe 002211E0 3 Bytes [7C, EE, 19] .text ... 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [834AC042] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [834AC6D6] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [834AC800] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [834AC13E] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT 
\SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- Devices - GMER 1.0.15 ---- Device \Device\Ide\IdeDeviceP6T0L0-8 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ100E4#5&17b185bc&0&4.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0xA9 0xA8 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0x92 0x83 0x6A ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0xDE 0x8D 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8E 0xFC 0x29 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0xA9 0xA8 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0x92 0x83 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0xDE 0x8D 0x46 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8E 0xFC 0x29 0x02 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Pinnacle\Studio 14\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1 Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1328d8d3 Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x7C 0x04 0x06 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@AliveDeviceCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@FunctionalDMRCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\E4-7C-F9-7A-7F-B6@Alive 0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@AliveDeviceCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@FunctionalDMRCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers\592DE09F-959F-69CD-2F8E-FBB9AF9EB41F@Alive 0 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of 
MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of 
MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: copy of MBR ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: EP45-DS3 Logical Drives Mask: 0x0001debd Kernel Drivers (total 220): 0x82C38000 \SystemRoot\system32\ntkrnlpa.exe 0x82C01000 \SystemRoot\system32\halmacpi.dll 0x86DC5000 \SystemRoot\system32\kdcom.dll 0x83224000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8329C000 \SystemRoot\system32\PSHED.dll 0x832AD000 \SystemRoot\system32\BOOTVID.dll 0x832B5000 \SystemRoot\system32\CLFS.SYS 0x832F7000 \SystemRoot\system32\CI.dll 0x83412000 \SystemRoot\system32\drivers\Wdf01000.sys 0x83483000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x83491000 \SystemRoot\System32\Drivers\spag.sys 0x83584000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8358D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x835B3000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x83400000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x833A2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x833AD000 \SystemRoot\system32\DRIVERS\pci.sys 0x833D7000 \SystemRoot\System32\drivers\partmgr.sys 0x833E8000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x83638000 \SystemRoot\System32\drivers\volmgrx.sys 0x83683000 \SystemRoot\system32\DRIVERS\pciide.sys 0x8368A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x83698000 \SystemRoot\System32\drivers\mountmgr.sys 0x836AE000 \SystemRoot\system32\DRIVERS\atapi.sys 0x836B7000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x836DA000 \SystemRoot\system32\DRIVERS\msahci.sys 0x836E4000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x836ED000 \SystemRoot\system32\drivers\fltmgr.sys 0x83721000 \SystemRoot\system32\drivers\fileinfo.sys 0x8BE3B000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8BF6A000 \SystemRoot\System32\Drivers\msrpc.sys 0x8BF95000 \SystemRoot\System32\Drivers\ksecdd.sys 0x83732000 
\SystemRoot\System32\Drivers\cng.sys 0x8BFA8000 \SystemRoot\System32\drivers\pcw.sys 0x8BFB6000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8C018000 \SystemRoot\system32\drivers\ndis.sys 0x8C0CF000 \SystemRoot\system32\drivers\NETIO.SYS 0x8C10D000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8C20B000 \SystemRoot\System32\drivers\tcpip.sys 0x8C354000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8C385000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8C38E000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8C3CD000 \SystemRoot\System32\Drivers\spldr.sys 0x8C132000 \SystemRoot\System32\drivers\rdyboost.sys 0x8C3D5000 \SystemRoot\System32\Drivers\mup.sys 0x8C3E5000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8C15F000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8C3ED000 \SystemRoot\system32\DRIVERS\disk.sys 0x8C191000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8C1DE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8BFBF000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x8C000000 \SystemRoot\System32\Drivers\Null.SYS 0x8C007000 \SystemRoot\System32\Drivers\Beep.SYS 0x8BFE2000 \SystemRoot\System32\drivers\vga.sys 0x8BE00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8BE21000 \SystemRoot\System32\drivers\watchdog.sys 0x8C00E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8BE2E000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8BFEE000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8378F000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8379A000 \SystemRoot\System32\Drivers\Npfs.SYS 0x837A8000 \SystemRoot\system32\DRIVERS\tdx.sys 0x837BF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90E1A000 \SystemRoot\system32\drivers\afd.sys 0x90E74000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90EA6000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x90EAF000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x90EB6000 \SystemRoot\system32\DRIVERS\pacer.sys 0x90ED5000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys 0x90EE5000 \SystemRoot\system32\DRIVERS\netbios.sys 0x90EF3000 \SystemRoot\system32\DRIVERS\serial.sys 0x90F0D000 
\SystemRoot\system32\DRIVERS\wanarp.sys 0x90F20000 \SystemRoot\system32\drivers\vpcvmm.sys 0x90F67000 \SystemRoot\System32\drivers\truecrypt.sys 0x90F9C000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90FAC000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x90FED000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x90E0A000 \SystemRoot\System32\drivers\discache.sys 0x91608000 \SystemRoot\system32\drivers\csc.sys 0x9166C000 \SystemRoot\System32\Drivers\dfsc.sys 0x91684000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x91692000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x916B3000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x916C5000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x9A020000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x916F5000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x9A5BA000 \SystemRoot\System32\drivers\dxgmms1.sys 0x9A000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x9A5F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x917AC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x837CA000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91C19000 \SystemRoot\system32\drivers\HCW85BDA.sys 0x91D6E000 \SystemRoot\system32\drivers\BdaSup.SYS 0x91D71000 \SystemRoot\system32\drivers\ks.sys 0x91DA5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x91DAB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys 0x91DD0000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x91C00000 \SystemRoot\system32\DRIVERS\fdc.sys 0x91C0B000 \SystemRoot\system32\DRIVERS\serenum.sys 0x837D9000 \SystemRoot\system32\DRIVERS\parport.sys 0x83600000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x91C15000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys 0x83618000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x95409000 \SystemRoot\System32\Drivers\aoczllez.SYS 0x95442000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x9544F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x95461000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x95479000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x95484000 
\SystemRoot\system32\DRIVERS\ndiswan.sys 0x954A6000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x954BE000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x954D5000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x954EC000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x954F6000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x95503000 \SystemRoot\system32\DRIVERS\swenum.sys 0x95505000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0x95533000 \SystemRoot\system32\DRIVERS\umbus.sys 0x95541000 \SystemRoot\system32\DRIVERS\vpcusb.sys 0x95559000 \SystemRoot\system32\DRIVERS\usbrpm.sys 0x95566000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x95568000 \SystemRoot\system32\DRIVERS\vpchbus.sys 0x9559E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x955E2000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x955EC000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x83200000 \SystemRoot\system32\drivers\AtiHdmi.sys 0x81E1D000 \SystemRoot\system32\drivers\portcls.sys 0x81E4C000 \SystemRoot\system32\drivers\drmk.sys 0x81E65000 \SystemRoot\system32\drivers\HdAudio.sys 0x824A0000 \SystemRoot\System32\win32k.sys 0x81EB5000 \SystemRoot\System32\drivers\Dxapi.sys 0x81EBF000 \SystemRoot\System32\Drivers\crashdmp.sys 0x81ECC000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x81ED7000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x81EE1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x81EF2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x81F09000 \SystemRoot\System32\Drivers\LUsbFilt.Sys 0x81F0F000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x81F1A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x81F2D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x81F34000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x81F3C000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x81F47000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x81F4F000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9A604000 \SystemRoot\system32\DRIVERS\snpstd3.sys 0x9AFE8000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x81F66000 \SystemRoot\system32\DRIVERS\hxctlflt.sys 0x81F7F000 
\SystemRoot\system32\drivers\usbaudio.sys 0x81F93000 \SystemRoot\system32\DRIVERS\monitor.sys 0x82700000 \SystemRoot\System32\TSDDD.dll 0x82730000 \SystemRoot\System32\ATMFD.DLL 0x82780000 \SystemRoot\System32\cdd.dll 0x81F9E000 \SystemRoot\system32\drivers\luafv.sys 0x81FB9000 \SystemRoot\system32\drivers\WudfPf.sys 0x9AFF6000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys 0x9AFFC000 \SystemRoot\system32\DRIVERS\VMNET.SYS 0x81FD3000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x81FE3000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9F427000 \SystemRoot\system32\drivers\HTTP.sys 0x9F4AC000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9F4C5000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9F4D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9F4FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9F535000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9F550000 \??\C:\Windows\system32\drivers\hcmon.sys 0x9F55A000 \SystemRoot\system32\DRIVERS\parvdm.sys 0x9F561000 \??\C:\Windows\system32\Drivers\vmci.sys 0x9F56D000 \??\C:\Windows\system32\Drivers\VMparport.sys 0xA2A0C000 \??\C:\Windows\system32\Drivers\vmx86.sys 0xA2ADC000 \SystemRoot\system32\drivers\peauth.sys 0xA2B73000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA2B7D000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA2B9E000 \??\C:\Program Files\Sandboxie\SbieDrv.sys 0xA2BBE000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA2BCB000 \??\C:\Windows\system32\drivers\vmnetuserif.sys 0xA2BD0000 \SystemRoot\system32\DRIVERS\MpNWMon.sys 0x9F56F000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9FC30000 \SystemRoot\System32\DRIVERS\srv.sys 0x9FCE4000 \SystemRoot\System32\Drivers\fastfat.SYS 0x9FD99000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x77450000 \Windows\System32\ntdll.dll 0x48020000 \Windows\System32\smss.exe 0x77690000 \Windows\System32\apisetschema.dll 0x00E00000 \Windows\System32\autochk.exe 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77630000 \Windows\System32\Wldap32.dll 0x77620000 \Windows\System32\lpk.dll 0x77380000 
\Windows\System32\user32.dll 0x77610000 \Windows\System32\normaliz.dll 0x77180000 \Windows\System32\iertutil.dll 0x77080000 \Windows\System32\wininet.dll 0x76FE0000 \Windows\System32\advapi32.dll 0x77600000 \Windows\System32\psapi.dll 0x775C0000 \Windows\System32\ws2_32.dll 0x76F80000 \Windows\System32\shlwapi.dll 0x76EF0000 \Windows\System32\oleaut32.dll 0x76E90000 \Windows\System32\difxapi.dll 0x76240000 \Windows\System32\shell32.dll 0x761C0000 \Windows\System32\comdlg32.dll 0x760E0000 \Windows\System32\kernel32.dll 0x77590000 \Windows\System32\imagehlp.dll 0x76040000 \Windows\System32\usp10.dll 0x76020000 \Windows\System32\imm32.dll 0x75E80000 \Windows\System32\setupapi.dll 0x75DF0000 \Windows\System32\clbcatq.dll 0x75D20000 \Windows\System32\msctf.dll 0x75D00000 \Windows\System32\sechost.dll 0x75C50000 \Windows\System32\rpcrt4.dll 0x75BA0000 \Windows\System32\msvcrt.dll 0x75A60000 \Windows\System32\urlmon.dll 0x75900000 \Windows\System32\ole32.dll 0x758F0000 \Windows\System32\nsi.dll 0x758A0000 \Windows\System32\gdi32.dll 0x75810000 \Windows\System32\comctl32.dll 0x757F0000 \Windows\System32\devobj.dll 0x757C0000 \Windows\System32\cfgmgr32.dll 0x75770000 \Windows\System32\KernelBase.dll 0x75650000 \Windows\System32\crypt32.dll 0x75620000 \Windows\System32\wintrust.dll 0x75610000 \Windows\System32\msasn1.dll Processes (total 76): 0 System Idle Process 4 System 320 C:\Windows\System32\smss.exe 480 csrss.exe 568 C:\Windows\System32\wininit.exe 576 csrss.exe 616 C:\Windows\System32\services.exe 632 C:\Windows\System32\lsass.exe 640 C:\Windows\System32\lsm.exe 740 C:\Windows\System32\svchost.exe 824 C:\Windows\System32\svchost.exe 888 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe 916 C:\Windows\System32\winlogon.exe 980 C:\Windows\System32\atiesrxx.exe 1048 C:\Windows\System32\svchost.exe 1116 C:\Windows\System32\svchost.exe 1168 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\audiodg.exe 1356 C:\Windows\System32\svchost.exe 1540 
C:\Windows\System32\svchost.exe 1548 C:\Windows\System32\atieclxx.exe 1696 C:\Windows\System32\spoolsv.exe 1736 C:\Windows\System32\svchost.exe 1900 C:\Windows\System32\svchost.exe 1920 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1956 C:\Program Files\BitKinex\bitkinexsvc.exe 2016 C:\Program Files\Bonjour\mDNSResponder.exe 128 C:\Windows\System32\svchost.exe 360 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 496 C:\Program Files\CDBurnerXP\NMSAccessU.exe 756 C:\Program Files\Sandboxie\SbieSvc.exe 1460 C:\Windows\System32\svchost.exe 1852 C:\Windows\System32\vmnat.exe 1952 C:\Program Files\VMware\VMware Server\tomcat\bin\tomcat6.exe 388 C:\Windows\System32\svchost.exe 1104 C:\Windows\System32\conhost.exe 2172 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 2300 C:\Program Files\VMware\VMware Server\vmware-authd.exe 2428 C:\Windows\System32\vmnetdhcp.exe 2524 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2716 C:\Program Files\VMware\VMware Server\vmware-hostd.exe 2940 WmiPrvSE.exe 3100 C:\Windows\System32\svchost.exe 3220 WmiPrvSE.exe 3624 C:\Windows\System32\taskhost.exe 3968 C:\Windows\System32\dwm.exe 3992 C:\Windows\explorer.exe 2124 C:\Program Files\Microsoft Security Essentials\msseces.exe 2148 C:\Windows\WindowsMobile\wmdc.exe 2116 C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe 2424 C:\Windows\System32\svchost.exe 2764 C:\Program Files\pdf24\pdf24.exe 2992 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1492 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3212 C:\Program Files\iTunes\iTunesHelper.exe 3888 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3680 C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe 3984 C:\Program Files\Sandboxie\SbieCtrl.exe 3988 C:\Program Files\DAEMON Tools Lite\DTLite.exe 3404 C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe 3396 C:\Program Files\Logitech\SetPoint\SetPoint.exe 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`da500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000007a`18600000 (NTFS)
\\.\O: --> \\.\PhysicalDrive1 at offset 0x00000018`74aece00 (NTFS)
\\.\P: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> \\.\PhysicalDrive1 at offset 0x00000009`54921c00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4
PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-33

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

And OSAM is attached as a zip file, since its output was in HTML ...

Regards,
ThePhantom
03.11.2010, 13:43 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update disables itself - hosts can no longer be opened - browsers freeze
Quote:
Well, never mind, I can read HTML too. Looks OK so far. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ |
05.11.2010, 08:49 | #18 |
| Windows Update disables itself - hosts can no longer be opened - browsers freeze
So, here are the log files again ... something was found (which, in my opinion, is not the cause of the problem, though :-( ):
__________________
SASW Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/03/2010 at 10:15 PM

Application Version : 4.45.1000

Core Rules Database Version : 5804
Trace Rules Database Version: 3616

Scan type : Complete Scan
Total Scan Time : 03:48:44

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 9076
Registry threats detected : 0
File items scanned : 469398
File threats detected : 824

Adware.Tracking Cookie
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] ad.yieldmanager.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.zanox-affiliate.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.zanox-affiliate.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] a7.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .fastclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .fastclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tradedoubler.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .mediaplex.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adserv.quality-channel.de [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] adserver.71i.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .mediaplex.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] a7.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] 
.webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .zedo.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .zedo.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tribalfusion.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .fastclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .fastclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .smartadserver.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .smartadserver.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .smartadserver.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .shop.adultshop.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .www.traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .im.banner.t-online.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .revsci.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adbrite.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adbrite.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adbrite.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .zedo.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.usenext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ad.adnet.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .mein.gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .advertising.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .advertising.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .advertising.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tacoda.net [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tacoda.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tacoda.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .mediaplex.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] a6.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .atwola.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.quartermedia.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.quartermedia.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tradedoubler.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] clicktorrent.info [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .casalemedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .casalemedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .casalemedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ad.adnet.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .xiti.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] zbox.zanox.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .advertising.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .advertising.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tracking.3gnet.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .www.traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adviva.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adviva.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .trafficmp.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .realmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .realmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .realmedia.com [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .casalemedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .burstnet.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tradedoubler.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .www.traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adopt.specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .burstnet.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .hotelscom.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] rotator.adjuggler.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] rotator.adjuggler.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] adsrv.admediate.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] adsrv.admediate.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .advertising.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .at.atwola.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .at.atwola.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .fastclick.net [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.quartermedia.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.quartermedia.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .interclick.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] eas.apm.emediate.eu [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] eas.apm.emediate.eu [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .axelspringer.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .traffictrack.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.quartermedia.de [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] a6.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.smartadserver.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .atdmt.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .atdmt.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .atdmt.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .247realmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] 
.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .questionmarket.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .realmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] eas.apm.emediate.eu [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .247realmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .zedo.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .collective-media.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tracking.3gnet.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tracking.3gnet.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .trafficmp.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .msnportal.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .clicksor.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .clicksor.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] openx.ventivmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.quartermedia.de [ 
P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .overture.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .overture.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .wissende.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.usenext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] mein.gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .cgm.adbureau.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .at.atwola.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] a3.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .guj.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ] .ads.pointroll.com [ 
Trojan.Agent/Gen
C:\32788R22FWJFW\MBR.CFXXE

Trojan.Agent/Gen-Koobface[Bonkers]
O:\DIGITAL VIDEO\DBOX2\TOOLS\CAPI-WATCH\DBOX2ISDN_V1\DBOX2ISDN.EXE

MalwareBytes: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5046

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.11.2010 22:11:41
mbam-log-2010-11-04 (22-11-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 364654
Laufzeit: 46 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

What I've noticed: when I try to open Firefox, it only ever works on the second click. The first time, a process with 1.8 MB starts and nothing happens. Only the second click opens another firefox process, which then actually opens Firefox. And my Security Essentials still can't be updated :-( Regards and thanks again, ThePhantom |
05.11.2010, 15:49 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update disables itself - hosts can no longer be opened - browsers freeze Please uninstall Security Essentials. Restart the computer and try Combofix again.
__________________ Please always post log files in CODE tags |
07.11.2010, 17:30 | #20 |
| Windows Update disables itself - hosts can no longer be opened - browsers freeze Unfortunately that didn't help - but I tried booting in safe mode. It worked there (does that help at all?). In general, though, things are very bad again - there is definitely something hidden going on:
- web pages opening by themselves
- blocking of updates
- the computer freezing
etc. ...
Code:
ATTFilter ComboFix 10-11-07.04 - ****** 07.11.2010 16:59:18.1.4 - x86 NETWORK Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3326.2274 [GMT 1:00] ausgeführt von:: c:\users\*****\Desktop\cofi.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} * Neuer Wiederherstellungspunkt wurde erstellt . ((((((((((((((((((((((( Dateien erstellt von 2010-10-07 bis 2010-11-07 )))))))))))))))))))))))))))))) . 2010-11-07 16:02 . 2010-11-07 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-07 15:51 . 2010-11-07 15:51 -------- d-----w- C:\TollesProgramm 2010-11-06 09:32 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05D2C863-039B-41FC-894F-CBC51E9C7058}\mpengine.dll 2010-11-05 17:14 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B26C2961-CC2D-4369-8402-B3B92DD5B92A}\mpengine.dll 2010-11-05 17:06 . 2010-11-05 17:06 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-11-03 17:12 . 2010-11-03 17:12 -------- d-----w- c:\users\*****\AppData\Roaming\SUPERAntiSpyware.com 2010-11-03 17:12 . 2010-11-03 17:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-11-03 17:12 . 2010-11-03 17:12 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-11-01 06:51 . 2010-11-01 06:51 -------- d-----w- c:\program files\CCleaner 2010-10-31 21:00 . 2010-10-31 21:00 -------- d-----w- C:\_OTL 2010-10-31 08:55 . 2010-10-31 08:55 -------- d-----w- c:\program files\ESET 2010-10-28 14:41 . 2010-10-31 20:48 -------- d-----w- C:\HiJackThis 2010-10-28 14:05 . 2010-10-28 14:05 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes 2010-10-28 14:05 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-28 14:05 . 2010-10-28 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-28 14:05 . 
2010-10-28 14:05 -------- d-----w- c:\programdata\Malwarebytes 2010-10-28 14:05 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-28 05:36 . 2010-10-28 12:27 -------- d---a-w- C:\DesinfectLogs 2010-10-27 18:25 . 2010-10-30 10:43 -------- d---a-w- C:\INFECTED 2010-10-25 14:11 . 2010-10-26 14:46 -------- d-----w- C:\Converted 2010-10-25 14:11 . 2010-10-25 14:11 -------- d-----w- c:\program files\SoundTaxi Media Suite 2010-10-25 14:10 . 2010-06-15 18:00 245760 ----a-w- c:\windows\system32\snmvtsvc.exe 2010-10-25 14:10 . 2010-06-16 06:53 5688 ----a-w- c:\windows\system32\SndTVideo.sys 2010-10-25 14:10 . 2010-06-16 06:53 14392 ----a-w- c:\windows\system32\SndTVideo.dll 2010-10-25 14:10 . 2010-06-16 06:53 23096 ----a-w- c:\windows\system32\SndTAudio.sys 2010-10-25 14:10 . 2010-06-16 06:53 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys 2010-10-25 14:10 . 2010-10-25 14:10 -------- d-----w- c:\program files\SoundTaxi . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 20:51 . 2009-10-26 16:15 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-15 02:50 . 2010-05-14 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-21 05:32 . 2010-09-15 19:11 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-11 18:45 . 2010-08-11 18:45 29184 ----a-r- c:\users\*****\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GMX SMS-Manager"="c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "CamserviceOG"="c:\program files\Hercules\Deluxe Optical Glass\XtrCtrl.exe" [2009-10-19 2913576] "PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-02-22 207504] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-2 1036464] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-26 813584] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
"ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-09-02 05:41 1242448 ----a-w- c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] 2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-29 691696] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 172032] R2 BitKinex;BitKinex File Transfer Service;c:\program files\BitKinex\bitkinexsvc.exe DISPATCH [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys 
[2009-10-20 54960] R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 5550592] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 176128] R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688] R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-28 17408] R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-06-15 245760] R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-06-16 23096] R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2010-06-15 348160] R3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [2009-10-20 22528] R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . 
Inhalt des "geplante Tasks" Ordners 2010-11-07 c:\windows\Tasks\Funambol Outlook Sync Client - ******.job - c:\program files\Funambol\Outlook Client\OutlookPlugin.exe [2009-09-03 17:55] 2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:38] 2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:38] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: &Download with BitKinex - c:\program files\BitKinex\ieext_cp.htm IE: &Register in BitKinex - c:\program files\BitKinex\ieext_reg.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\VMware\VMware Server\vsocklib.dll FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jt9kjgnv.default\ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll FF - plugin: c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jt9kjgnv.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-RunOnce-<NO NAME> - (no file) ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, hxxp://www.gmer.net Windows 6.1.7600 Disk: SAMSUNG_SP2504C rev.VT100-33 -> \Device\Ide\IdeDeviceP3T0L0-5 device: opened successfully user: MBR read successfully kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; } detected disk devices: \Device\Ide\IdeDeviceP6T0L0-8 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ100E4#5&17b185bc&0&4.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user & kernel MBR OK Registry trace: called modules: ntkrnlpa.exe halmacpi.dll ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2010-11-07 17:03:30
ComboFix-quarantined-files.txt 2010-11-07 16:03
Vor Suchlauf: 19 Verzeichnis(se), 69.865.627.648 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 69.719.048.192 Bytes frei
- - End Of File - - 9D979A1A39914E1AFCCCCE714831AF87
Edited by ThePhantom79 (07.11.2010 at 18:22) |
07.11.2010, 23:20 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update disables itself - hosts can no longer be opened - browsers freeze
Please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
08.11.2010, 09:33 | #22 |
| Windows Update disables itself - hosts can no longer be opened - browsers freeze
Hi, in the meantime, out of desperation, I ran another offline scan with Desinfec't, and the following viruses were found (sdb2 is my boot partition):

/media/sdb2/ProgramData/Microsoft/Windows/WER/ReportQueue/Kernel_0_0_15ae5f7d/WER5EE1.tmpatk.kdmp
last modified on Date: 2010-11-01 Time: 08:38:40, Size: 122500 bytes
ALERT: TR/Agent.8704.76 ; trojan ; Is the Trojan horse TR/Agent.8704.76

/media/sdb2/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/30/2cf4ec9e-55e34edd
last modified on Date: 2010-11-02 Time: 17:38:05, Size: 3732 bytes
ALERT: bpac/a.class <<< JAVA/Agent.2212 ; virus ; Contains detection pattern of the Java virus JAVA/Agent.2212

/media/sdb2/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/4c865cbe-73e9d9dc
last modified on Date: 2010-11-04 Time: 22:44:33, Size: 3732 bytes
ALERT: bpac/a.class <<< JAVA/Agent.2212 ; virus ; Contains detection pattern of the Java virus JAVA/Agent.2212

Here are the requested logs:
GMER: Code:
ATTFilter GMER 1.0.15.15477 - h**p://www.gmer.net Rootkit scan 2010-11-02 19:33:30 Windows 6.1.7600 Running: 5pr8zszx.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgldiuod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82E83135 5 Bytes JMP 8941DC50 PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82E84B5D 5 Bytes JMP 8941DBB0 PAGE ntkrnlpa.exe!NtRequestPort + 2 82E98DC3 5 Bytes JMP 8941DB10 ? System32\Drivers\spzp.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91807000, 0x2FBFB8, 0xE8000020] .text USBPORT.SYS!DllUnload 915D5CA0 5 Bytes JMP 8706C1D8 .text a20x9xs7.SYS 98E34000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]} .text a20x9xs7.SYS 98E3400D 9 Bytes [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL} .text a20x9xs7.SYS 98E34017 170 Bytes [00, DE, 87, 5A, 83, E6, 85, ...] .text a20x9xs7.SYS 98E340C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text a20x9xs7.SYS 98E340CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL} .text ... .text autochk.exe 002211D1 2 Bytes [F1, 19] .text autochk.exe 002211D4 3 Bytes [94, F1, 19] .text autochk.exe 002211D8 3 Bytes [AC, 5E, 18] .text autochk.exe 002211DC 1 Byte [03] .text autochk.exe 002211E0 3 Bytes [7C, EE, 19] .text ... 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [834AC042] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [834AC6D6] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [834AC800] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [834AC13E] \SystemRoot\System32\Drivers\spzp.sys IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT 
\SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- Devices - GMER 1.0.15 ---- Device \Device\Ide\IdeDeviceP6T0L0-8 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ100E4#5&17b185bc&0&4.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0xA9 0xA8 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0x92 0x83 0x6A ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0xDE 0x8D 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8E 0xFC 0x29 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0xA9 0xA8 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0x92 0x83 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0xDE 0x8D 0x46 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8E 0xFC 0x29 0x02 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Pinnacle\Studio 14\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1 Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1328d8d3 Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x7C 0x04 0x06 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@AliveDeviceCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@FunctionalDMRCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\E4-7C-F9-7A-7F-B6@Alive 0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@AliveDeviceCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@FunctionalDMRCount 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers\592DE09F-959F-69CD-2F8E-FBB9AF9EB41F@Alive 0 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of 
MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of 
MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: copy of MBR ---- EOF - GMER 1.0.15 ---- OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:08:25 on 08.11.2010 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.12 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Funambol Outlook Sync Client - *****.job" - "Funambol" - C:\Program Files\Funambol\Outlook Client\OutlookPlugin.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aa9lgrmo" (aa9lgrmo) - "Microsoft Corporation" - C:\Windows\system32\drivers\aa9lgrmo.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "Apple Mobile Device Ethernet Service" (Netaapl) - "Apple Inc." - C:\Windows\System32\DRIVERS\netaapl.sys "catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys (File not found) "CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfo.sys (File found, but it contains no detailed information) "kgldiuod" (kgldiuod) - ? 
- C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys (Hidden registry entry, rootkit activity | File not found) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys "VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys "VMware vmci" (vmci) - "VMware, Inc." - C:\Windows\system32\Drivers\vmci.sys "VMware VMparport" (VMparport) - "VMware, Inc." - C:\Windows\system32\Drivers\VMparport.sys "VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll (File found, but it contains no detailed information) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {6567D0AE-32DF-11D7-BC71-00408103CEAF} "ExplExt Class" - "Barad-Dur, LLC." - C:\Program Files\BitKinex\win32\bitkinexwe.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {82774781-8F4E-11D1-AB1C-0000F8773BF0} "DLC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\grTransferCtrl.dll / https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab {45B69029-F3AB-4204-92DE-D5140C3E8E74} "F5 Networks Auto Update" - "F5 Networks" - C:\Windows\Downloaded Program Files\InstallerControl.dll / C:\Users\CHRIST~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} "F5 Networks Dynamic Application Tunnel Control" - "F5 Networks" - C:\Windows\Downloaded Program Files\TunnelServerX.dll / C:\Users\CHRIST~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab {E0FF21FA-B857-45C5-8621-F120A0C17FF2} "F5 Networks Host Control" - "F5 Networks" - C:\Windows\Downloaded Program Files\urxhost.dll / C:\Users\CHRIST~1\AppData\Local\Temp\f5tmp\urxhost.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {38E51477-DDB4-4aed-9D61-D0C193E10749} "Rip YouTube File" - ? - C:\Program Files\SoundTaxi\YouTubeRipper.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Air Mouse.lnk" - ? - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "GMX SMS-Manager" - "1&1 Internet AG" - C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe "Messenger (Yahoo!)" - "Yahoo! Inc." 
- "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet "SandboxieControl" - "tzuk" - "C:\Program Files\Sandboxie\SbieCtrl.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "CamserviceOG" - "Guillemot Corporation S.A." - C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "MSSE" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "FRITZ!fax Color Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaColorMon.dll "FRITZ!fax Port Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaMon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "BitKinex File Transfer Service" (BitKinex) - ? - C:\Program Files\BitKinex\bitkinexsvc.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "SMServer" (SMServer) - "SMServer" - C:\Windows\system32\snmvtsvc.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "STSService" (STSService) - ? - C:\Program Files\SoundTaxi Media Suite\STSService.exe (File found, but it contains no detailed information) "VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vmware-authd.exe "VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." 
- C:\Windows\system32\vmnetdhcp.exe "VMware Host Agent" (VMwareHostd) - ? - C:\Program Files\VMware\VMware Server\vmware-hostd.exe (File found, but it contains no detailed information) "VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe "VMware Server Web Access" (VMwareServerWebAccess) - "Apache Software Foundation" - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe "VMware VSS Writer" (vmwriter) - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vmVssWriter.exe "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "VMCI sockets DGRAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vsocklib.dll "VMCI sockets STREAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vsocklib.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: EP45-DS3 Logical Drives Mask: 0x0001debd Kernel Drivers (total 224): 0x82C46000 \SystemRoot\system32\ntkrnlpa.exe 0x82C0F000 \SystemRoot\system32\halmacpi.dll 0x86DD7000 \SystemRoot\system32\kdcom.dll 0x8321A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x83292000 \SystemRoot\system32\PSHED.dll 0x832A3000 \SystemRoot\system32\BOOTVID.dll 0x832AB000 \SystemRoot\system32\CLFS.SYS 0x832ED000 \SystemRoot\system32\CI.dll 0x8343F000 \SystemRoot\system32\drivers\Wdf01000.sys 0x834B0000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x834BE000 \SystemRoot\System32\Drivers\spir.sys 0x835B1000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x835BA000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x83398000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x835E0000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x835E8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x83400000 \SystemRoot\system32\DRIVERS\pci.sys 0x8342A000 \SystemRoot\System32\drivers\partmgr.sys 0x833E0000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8363C000 \SystemRoot\System32\drivers\volmgrx.sys 0x83687000 \SystemRoot\system32\DRIVERS\pciide.sys 0x8368E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8369C000 \SystemRoot\System32\drivers\mountmgr.sys 0x836B2000 \SystemRoot\system32\DRIVERS\atapi.sys 0x836BB000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x836DE000 \SystemRoot\system32\DRIVERS\msahci.sys 0x836E8000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x836F1000 \SystemRoot\system32\drivers\fltmgr.sys 0x83725000 \SystemRoot\system32\drivers\fileinfo.sys 0x8BE22000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8BF51000 \SystemRoot\System32\Drivers\msrpc.sys 0x8BF7C000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8BF8F000 
\SystemRoot\System32\Drivers\cng.sys 0x8BFEC000 \SystemRoot\System32\drivers\pcw.sys 0x8BE00000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x83736000 \SystemRoot\system32\drivers\ndis.sys 0x8C03F000 \SystemRoot\system32\drivers\NETIO.SYS 0x8C07D000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8C0A2000 \SystemRoot\System32\drivers\tcpip.sys 0x8C000000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8C031000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8C223000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8C262000 \SystemRoot\System32\Drivers\spldr.sys 0x8C26A000 \SystemRoot\System32\drivers\rdyboost.sys 0x8C297000 \SystemRoot\System32\Drivers\mup.sys 0x8C2A7000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8C2AF000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8C2E1000 \SystemRoot\system32\DRIVERS\disk.sys 0x8C2F2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8C34A000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8C369000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x8C38C000 \SystemRoot\System32\Drivers\Null.SYS 0x8C393000 \SystemRoot\System32\Drivers\Beep.SYS 0x8C39A000 \SystemRoot\System32\drivers\vga.sys 0x8C3A6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8C3C7000 \SystemRoot\System32\drivers\watchdog.sys 0x8C3D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8C3DC000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8C3E4000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8C3EC000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8C200000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8BE09000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8C20E000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90C27000 \SystemRoot\system32\drivers\afd.sys 0x90C81000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90CB3000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x90CBC000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x90CC3000 \SystemRoot\system32\DRIVERS\pacer.sys 0x90CE2000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys 0x90CF2000 \SystemRoot\system32\DRIVERS\netbios.sys 0x90D00000 \SystemRoot\system32\DRIVERS\serial.sys 0x90D1A000 
\SystemRoot\system32\DRIVERS\wanarp.sys 0x90D2D000 \SystemRoot\system32\drivers\vpcvmm.sys 0x90D74000 \SystemRoot\System32\drivers\truecrypt.sys 0x90DA9000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90DB9000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 0x90DDB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 0x91436000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x91477000 \SystemRoot\system32\drivers\nsiproxy.sys 0x91481000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x9148B000 \SystemRoot\System32\drivers\discache.sys 0x91497000 \SystemRoot\system32\drivers\csc.sys 0x914FB000 \SystemRoot\System32\Drivers\dfsc.sys 0x91513000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x91521000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x91542000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91554000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x9163A000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x95033000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x950EA000 \SystemRoot\System32\drivers\dxgmms1.sys 0x95123000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x95142000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x9514D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x95198000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x95411000 \SystemRoot\system32\drivers\HCW85BDA.sys 0x95566000 \SystemRoot\system32\drivers\BdaSup.SYS 0x95569000 \SystemRoot\system32\drivers\ks.sys 0x9559D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x955A3000 \SystemRoot\system32\DRIVERS\Rt86win7.sys 0x955C8000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x955F4000 \SystemRoot\system32\DRIVERS\fdc.sys 0x95400000 \SystemRoot\system32\DRIVERS\serenum.sys 0x951A7000 \SystemRoot\system32\DRIVERS\parport.sys 0x951BF000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x9540A000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys 0x951D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x91600000 \SystemRoot\System32\Drivers\aa9lgrmo.SYS 0x951E4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x95000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x95012000 
\SystemRoot\system32\DRIVERS\rasl2tp.sys 0x951F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x91BD4000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x91584000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x9159C000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x915B3000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x91BF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x915CA000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x9540E000 \SystemRoot\system32\DRIVERS\swenum.sys 0x91400000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0x915D7000 \SystemRoot\system32\DRIVERS\umbus.sys 0x915E5000 \SystemRoot\system32\DRIVERS\vpcusb.sys 0x90DE1000 \SystemRoot\system32\DRIVERS\usbrpm.sys 0x951FC000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x83600000 \SystemRoot\system32\DRIVERS\vpchbus.sys 0x95E1E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x95E62000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x95E6C000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x95E7D000 \SystemRoot\system32\drivers\AtiHdmi.sys 0x95E9B000 \SystemRoot\system32\drivers\portcls.sys 0x95ECA000 \SystemRoot\system32\drivers\drmk.sys 0x95EE3000 \SystemRoot\system32\drivers\HdAudio.sys 0x82150000 \SystemRoot\System32\win32k.sys 0x95F33000 \SystemRoot\System32\drivers\Dxapi.sys 0x95F3D000 \SystemRoot\System32\Drivers\crashdmp.sys 0x95F4A000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x95F55000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x95F5F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x95F70000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x95F87000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x95F9E000 \SystemRoot\system32\DRIVERS\usbscan.sys 0x95FAC000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x95FB7000 \SystemRoot\System32\Drivers\LUsbFilt.Sys 0x95FBD000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x95FC8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x95FDB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x95FE2000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x95FEA000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x95FF5000 
\SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x99E0C000 \SystemRoot\system32\DRIVERS\snpstd3.sys 0x9A7F0000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x95E00000 \SystemRoot\system32\DRIVERS\hxctlflt.sys 0x90C00000 \SystemRoot\system32\drivers\usbaudio.sys 0x99E00000 \SystemRoot\system32\DRIVERS\monitor.sys 0x823B0000 \SystemRoot\System32\TSDDD.dll 0x82000000 \SystemRoot\System32\ATMFD.DLL 0x82050000 \SystemRoot\System32\cdd.dll 0x8C317000 \SystemRoot\system32\drivers\luafv.sys 0x83200000 \SystemRoot\system32\drivers\WudfPf.sys 0x9502A000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys 0x95E19000 \SystemRoot\system32\DRIVERS\VMNET.SYS 0x90C14000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8C332000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA001E000 \SystemRoot\system32\drivers\HTTP.sys 0xA00A3000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA00BC000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA00CE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA00F1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA012C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA0147000 \??\C:\Windows\system32\drivers\hcmon.sys 0xA0151000 \SystemRoot\system32\DRIVERS\parvdm.sys 0xA0158000 \??\C:\Windows\system32\Drivers\vmci.sys 0xA0164000 \??\C:\Windows\system32\Drivers\VMparport.sys 0x9FE27000 \??\C:\Windows\system32\Drivers\vmx86.sys 0x9FEF7000 \SystemRoot\system32\drivers\peauth.sys 0x9FF8E000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9FF98000 \??\C:\Program Files\Sandboxie\SbieDrv.sys 0x9FFB8000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9FFD9000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9FFE6000 \??\C:\Windows\system32\drivers\vmnetuserif.sys 0xA0166000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA3E1A000 \SystemRoot\System32\DRIVERS\srv.sys 0xA3ECE000 \SystemRoot\System32\Drivers\fastfat.SYS 0xA3F83000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA3F8C000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys 0x77670000 \Windows\System32\ntdll.dll 0x479E0000 \Windows\System32\smss.exe 0x778B0000 
\Windows\System32\apisetschema.dll 0x00650000 \Windows\System32\autochk.exe 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77890000 \Windows\System32\normaliz.dll 0x77530000 \Windows\System32\urlmon.dll 0x77860000 \Windows\System32\imagehlp.dll 0x77840000 \Windows\System32\sechost.dll 0x77390000 \Windows\System32\setupapi.dll 0x777B0000 \Windows\System32\oleaut32.dll 0x76740000 \Windows\System32\shell32.dll 0x765E0000 \Windows\System32\ole32.dll 0x765D0000 \Windows\System32\psapi.dll 0x76500000 \Windows\System32\msctf.dll 0x764B0000 \Windows\System32\gdi32.dll 0x76420000 \Windows\System32\clbcatq.dll 0x763C0000 \Windows\System32\difxapi.dll 0x761C0000 \Windows\System32\iertutil.dll 0x760C0000 \Windows\System32\wininet.dll 0x760A0000 \Windows\System32\imm32.dll 0x76020000 \Windows\System32\comdlg32.dll 0x75F40000 \Windows\System32\kernel32.dll 0x75F00000 \Windows\System32\ws2_32.dll 0x75EB0000 \Windows\System32\Wldap32.dll 0x75EA0000 \Windows\System32\nsi.dll 0x75E90000 \Windows\System32\lpk.dll 0x75DE0000 \Windows\System32\msvcrt.dll 0x75D80000 \Windows\System32\shlwapi.dll 0x75CB0000 \Windows\System32\user32.dll 0x75C00000 \Windows\System32\rpcrt4.dll 0x75B60000 \Windows\System32\advapi32.dll 0x75AC0000 \Windows\System32\usp10.dll 0x759A0000 \Windows\System32\crypt32.dll 0x75950000 \Windows\System32\KernelBase.dll 0x75920000 \Windows\System32\wintrust.dll 0x75890000 \Windows\System32\comctl32.dll 0x75870000 \Windows\System32\devobj.dll 0x75840000 \Windows\System32\cfgmgr32.dll 0x75830000 \Windows\System32\msasn1.dll Processes (total 77): 0 System Idle Process 4 System 320 C:\Windows\System32\smss.exe 480 csrss.exe 568 C:\Windows\System32\wininit.exe 576 csrss.exe 616 C:\Windows\System32\services.exe 632 C:\Windows\System32\lsass.exe 640 C:\Windows\System32\lsm.exe 752 C:\Windows\System32\svchost.exe 840 C:\Windows\System32\svchost.exe 888 C:\Windows\System32\winlogon.exe 924 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe 1000 
C:\Windows\System32\atiesrxx.exe 1060 C:\Windows\System32\svchost.exe 1136 C:\Windows\System32\svchost.exe 1176 C:\Windows\System32\svchost.exe 1468 C:\Windows\System32\svchost.exe 1572 C:\Windows\System32\atieclxx.exe 1632 C:\Windows\System32\svchost.exe 1856 C:\Windows\System32\spoolsv.exe 1884 C:\Windows\System32\svchost.exe 2040 C:\Windows\System32\svchost.exe 128 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 364 C:\Program Files\BitKinex\bitkinexsvc.exe 416 C:\Program Files\Bonjour\mDNSResponder.exe 388 C:\Windows\System32\svchost.exe 436 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 1620 C:\Program Files\CDBurnerXP\NMSAccessU.exe 1908 C:\Program Files\Sandboxie\SbieSvc.exe 1592 C:\Windows\System32\svchost.exe 2068 C:\Windows\System32\vmnat.exe 2128 C:\Program Files\VMware\VMware Server\tomcat\bin\tomcat6.exe 2168 C:\Windows\System32\svchost.exe 2176 C:\Windows\System32\conhost.exe 2200 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 2292 C:\Program Files\VMware\VMware Server\vmware-authd.exe 2380 C:\Windows\System32\vmnetdhcp.exe 2488 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2744 C:\Program Files\VMware\VMware Server\vmware-hostd.exe 3020 WmiPrvSE.exe 3080 C:\Windows\System32\svchost.exe 3912 C:\Windows\System32\taskhost.exe 4016 C:\Windows\System32\dwm.exe 4040 C:\Windows\explorer.exe 2776 C:\Windows\WindowsMobile\wmdc.exe 1972 C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe 3060 C:\Windows\System32\svchost.exe 2996 C:\Program Files\pdf24\pdf24.exe 3088 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1692 C:\Program Files\iTunes\iTunesHelper.exe 3368 C:\Program Files\Microsoft Security Essentials\msseces.exe 3376 C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe 3388 C:\Program Files\Sandboxie\SbieCtrl.exe 3408 C:\Program Files\DAEMON Tools Lite\DTLite.exe 3872 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3708 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3164 C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe 1548 C:\Program Files\Logitech\SetPoint\SetPoint.exe 3676 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe 4280 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe 4376 C:\Windows\System32\SearchIndexer.exe 4448 C:\Program Files\iPod\bin\iPodService.exe 4624 C:\Program Files\Windows Media Player\wmpnetwk.exe 5036 C:\Windows\System32\svchost.exe 5580 C:\Program Files\Mozilla Firefox\firefox.exe 3600 C:\Windows\System32\taskmgr.exe 3452 C:\Users\*****\Desktop\5pr8zszx.exe 4124 C:\Windows\System32\audiodg.exe 116 C:\Windows\System32\notepad.exe 3760 C:\Program Files\Mozilla Firefox\firefox.exe 6108 C:\Windows\System32\SearchProtocolHost.exe 5880 C:\Windows\System32\SearchFilterHost.exe 3696 C:\Windows\explorer.exe 2372 C:\Users\*****\Desktop\MBRCheck.exe 4776 C:\Windows\System32\conhost.exe 3140 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`da500000 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000007a`18600000 (NTFS) \\.\O: --> \\.\PhysicalDrive1 at offset 0x00000018`74aece00 (NTFS) \\.\P: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) \\.\Q: --> \\.\PhysicalDrive1 at offset 0x00000009`54921c00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4 PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-33 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 232 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! Edited by ThePhantom79 (08.11.2010 at 10:13) |
09.11.2010, 00:32 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update disables itself - hosts file can no longer be opened - browsers freeze Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
09.11.2010, 08:03 | #24 |
| Windows Update disables itself - hosts file can no longer be opened - browsers freeze Hello, many thanks for your support - but last night I formatted my operating system partition and reinstalled. Everything may always have looked fine in the roughly 20 logs, but the pop-ups opening on their own, the crashes, and the strange error messages kept getting worse. Now everything is fine again for once. So no hard feelings - thanks for your efforts. Regards, ThePhantom |